On Tue, Aug 29, 2000 at 01:33:37PM +1000, Luke Kenneth Casson Leighton wrote:
> a data-transfer protocol's job is not to worry about the details of auth
> etc.

I like that statement.

> consider this: in the light of the existence of secure transports, is it
> in fact pam's job to propose modifications to protocols to provide secure
> alternatives to those protocols?

Well, the PAM+binary prompts system we've been discussing would NOT require any protocol mods to any app.

Is tunneling everything the way to go? And how does an app running inside the tunnel find out about the safety of the tunnel, how the tunnel client was authenticated and as who?

Doing basic auth (username + cleartext password) over secure tunnels does not promote single-sign-on... not unless you use password wallets (yuk!).

> [the answer might be yes]

I think the question is incorrect. No one is proposing to modify protocols with PAM; certainly not me.

> lukes
>

Nico
--