So, I've been looking at XSSO [*], the X/Open PAM-based single sign-on spec. I like their pretty SSO pictures, and particularly the one where an application uses GSS-API to authenticate to a remote service which then uses XSSO to validate the client. I'm looking for how such a service would use XXSO (PAM) in that case. It doesn't seem like there is an API for informing XSSO of the GSS-API authentication information (mechanism(s), client principal(s)) so XSSO can correctly authenticate and authorize the client. Can someone enlighten me as to the above? [*] http://www.opengroup.org/pubs/catalog/p702.htm Thanks, Nico --
