Re: XSSO? How to communicate to XSSO/PAM external authentication info?

XSSO, so far as I can tell, is a document written by a committee more
interested in publishing a document than creating a meaningful API.

What problem (details please) are you trying to solve?

Thanks

Andrew

Nicolas Williams wrote:
> 
> Come on, someone on this list must know something about XSSO. Heck,
> there are even stubs in LinuxPAM for XSSO extensions.
> 
> I can see the use of pam_authenticate_secondary() and pam_get_mapped_*
> and so on, but that's for tasks such as getting Kerberos tickets when
> Kerberos isn't your primary form of authentication.
> 
> I think something like, say, pam_gss_authenticated() is needed. Its
> arguments would be a PAM handle, a GSS mechanism OID (gss_OID_desc), a
> GSS QoP OID and a principal name (gss_name_t).
> 
> Applications that use Kerberos directly instead of GSS-API could still
> use pam_gss_authenticated() by converting the KRB5 principal name into a
> gss_name_t and by getting the relevant OIDs.
> 
> Nico
> 
> On Mon, Aug 21, 2000 at 03:48:31PM -0400, Nicolas Williams wrote:
> >
> > So, I've been looking at XSSO [*], the X/Open PAM-based single sign-on
> > spec. I like their pretty SSO pictures, and particularly the one where
> > an application uses GSS-API to authenticate to a remote service which
> > then uses XSSO to validate the client.
> >
> > I'm looking for how such a service would use XSSO (PAM) in that case. It
> > doesn't seem like there is an API for informing XSSO of the GSS-API
> > authentication information (mechanism(s), client principal(s)) so XSSO
> > can correctly authenticate and authorize the client.
> >
> > Can someone enlighten me as to the above?
> >
> > [*] http://www.opengroup.org/pubs/catalog/p702.htm
> >
> > Thanks,
> >
> > Nico