Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PAM questions. HELP!

On Tue, 3 Dec 2002, Jordan Hubbard wrote:

> I'm not sure I understand the question. The Security Framework is
> merely a collection of security mechanisms (like keychain) and a
> pluggable authentication chain. It's entirely orthogonal to the
> question of whether to use NetInfo or OpenDirectory, and in fact
> supports both.

But can you use neither and something else? Why? Because what we have
doesnt work, it doesnt seem to integrate seamlessly.

I also thought security Frameworks were supposed to work kind of like PAM
on steroids which is modularizes to a large extent the whole auth
procedure. IE a clear standard to which both sides of the fence could
adhere to, and have it be transparent to the admins/users without
complicating any developers life, because of internal or external changes.
Obviously something got screwed up between concept and
design/implementation.

> You're missing something. :)

some days im missing more than others.. =)

> All we were trying to do with PAM is make
> it another "chain segment" which could be used by the Unix side of the
> house when faced with legacy PAM plug-ins that people wanted to be able
> to use to authenticate mechanisms like, say, ssh. Any greater purpose
> or agenda is neither implied or intended.

I realize this in its current state It is more or less a hack. You
explicitly said moving forward... thus I am wondering about instead of
hack about building a PAM Security Frameworks module wouldnt it be easier
for everyone just to have a legitimate module that works for both sides of
the house? Thus I was trying to get an outline of what had to be done, and
what pitfalls were in the way of this. And actually since there is no
"transparent" standard set why not just use PAM?

> > The second being, the LoginWindow isn't directly using Security
> > Frameworks, and it is still using direct ties to NetInfo which then
> > looks
> > up in Security Frameworks for authentification.
>
> Are you sure of this?

This is what I read, is my information incorrect?
I swear i read that in an Apple Document which seems to have disappeared
from my system atm, but I thought it was dated this year around June and
it had a graphic outlining it early in the document like page 10.)

Sean
_______________________________________________
darwin-development mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/darwin-development
Do not post admin requests to the list. They will be ignored.
References: 
 >Re: PAM questions. HELP! (From: Jordan Hubbard <email@hidden>)



Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.