A module could be written that would tell ftpd (or telnetd for that matter) what authentication methods are available. Alas, the ftp or telnetd client only chooses one out of the list, so we would have to be content with that. (Actually with telnetd would could continue with some text based authentication methods). I also thought that another module could be written that would specify the encryption types that are permitted. A later module would then check to make sure that the connection is indeed encrypted. > -----Original Message----- > From: Ingo Luetkebohle [SMTP:ingo@blank.pages.de] > Sent: Saturday, August 26, 2000 5:29 AM > To: pam-list@redhat.com > Subject: Re: XSSO? How to communicate to XSSO/PAM external > authentication info? > > On Fri, Aug 25, 2000 at 09:53:13PM -0400, Nicolas Williams wrote: > > - pam_gss would probably be first in the auth stack and would issue > > a binary prompt asking ftpd to negotiate for GSS-API > > Trouble is, RFC 2228 mandates that its the *client* that suggests > which auth protocol to use and the server is supposed to know which > auth protocols it can support. I don't see how that can be made to > work with PAM's current prompting mechanism. > > Even in protocols like IMAP, where the client has to give the server > some control by issueing a CAPABILITY request, the server has to know > which authentication protocols it can support *before* actual > negotiation takes place. Similiar problem. > > ---Ingo Luetkebohle / 21st Century Digital Boy > > its easy to stop using Perl: I do it after every project > > > > _______________________________________________ > > Pam-list@redhat.com > https://listman.redhat.com/mailman/listinfo/pam-list
