
Re: PAM and libpwdb



Andrew Morgan wrote:
> >
> > Something else that would be cool would be a PAM (or NSS?) module for
> > getting one's password from the Samba-format encrypted password file
> > instead of /etc/shadow.  It really does the same thing, it's just that
> > using the WinNT-compatible encryption format, one can use WinNT password
> > encryption on the net.
> >
> > (NT encryption, unlike LanManager encryption, is actually useful for
> > security.)
> 
> Where PAM is currently weak is with respect to non-password based
> authentication. The last couple of releases of the Linux-PAM tar ball
> have included support for a client side PAM implementation. IMHO, this
> is the missing link for taking PAM to the next level. I've already used
> it to implement a fingerprint authentication scheme (using one of these
> biomouse things http://abio.com/), and with the recent changes in US and
> kernel.org policies, I'm hopeful that I'll soon be able to distribute
> some strong mutual authentication schemes as PAM module/agents.
> 

Well, this would still be a password-based scheme (unlike, say,
authenticating via an NT domain server.)  Just a different encryption
scheme, really.

> Is that a reasonable summary?

Sure is.

	-hpa

-- 
<hpa@transmeta.com> at work, <hpa@zytor.com> in private!
"Unix gives you enough rope to shoot yourself in the foot."

