On Sat, Aug 26, 2000 at 04:58:22PM -0400, Nicolas Williams wrote:
> So? Pam_gss would be issuing the binary prompt, and in such protocols
> the service had better already know what auth type was negotiated. PAM
> still would get to authorize the use of any particular authentication
> type though, via pam_acct_mgmt().

Ok, I re-read your original post and think I misunderstood it on first pass.

Just to get this clear, you are suggesting a new GSSAPI mechanism ("PAM") which would be general in nature and could support arbitrary authentication mechanisms, implemented in the usual PAM way as modules. Did I get that right this time?

If yes, the application obviously knows that it would have to negotiate for GSSAPI and then leave the rest to PAM. However, that seems like one step too many for me.

If no, I don't see how you'll fit a binary prompt into FTP-SEC.

--
Ingo Luetkebohle / 21st Century Digital Boy
it's easy to stop using Perl: I do it after every project