Nicolas Williams wrote: > I imagine telnetd or ftpd going through this sequence: > > - accept connection, perform Kerberos or GSS-API (likely Kerberos) > authentication Before we go there. Is there any reason why we couldn't pursue the idea of implementing GSS's authentication in a PAM module? I've just had an hour to catch up on the pam-list fraction of the kerberos thread, and I didn't see anything that touched on this. If I read your proposal, it sort of looks like: - have something else manage authentication - use PAM too. I'm personally more interested in extending PAM to be general enough to deal with more interesting authentication schemes (as modules). What stands in the way of doing that? Cheers Andrew
