Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PAM questions. HELP!

On Tuesday, December 3, 2002, at 06:49 PM, Sean wrote:

But can you use neither and something else? Why? Because what we have
doesnt work, it doesnt seem to integrate seamlessly.

I don't believe there's currently "anything else" to really offer. Obviously you can embed your own direct calls to various security libraries like Kerberos and avoid any of the "chain of pain" authentication models we have now, but I'm not sure what that buys other than simply shuffling the pain around, I don't see any other handy methods for substantially reducing it.

I also thought security Frameworks were supposed to work kind of like PAM
on steroids which is modularizes to a large extent the whole auth
procedure.

That's only part of what's provided. There's quite a bit more to S.F., and it's sort of like Apple's equivalent to OpenSSL - it's a lot more than people think it is at first blush, and it's both an authentication chain and a collection of many general purpose procedures.

IE a clear standard to which both sides of the fence could
adhere to, and have it be transparent to the admins/users without
complicating any developers life, because of internal or external changes.

Hmmm. You're one of those optimistic types I see.

I realize this in its current state It is more or less a hack. You
explicitly said moving forward... thus I am wondering about instead of
hack about building a PAM Security Frameworks module wouldnt it be easier
for everyone just to have a legitimate module that works for both sides of
the house?

How would you suggest implementing such a thing? We're always open to ideas.

This is what I read, is my information incorrect?

I'll have to ask the LoginWindow folks - I'd be surprised if it talked to netinfo directly, but stranger things have happened.

--
Jordan K. Hubbard
Engineering Manager, BSD technology group
Apple Computer
_______________________________________________
darwin-development mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/darwin-development
Do not post admin requests to the list. They will be ignored.


Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.