Re: PAM and Kerberos


 



> Jeffrey Altman <jaltman@columbia.edu> writes:
> 
> >> > What I'm learning from this thread is that the telnetd/login division
> >> > of labor may have made sense in 1981, but it doesn't make sense any
> >> > more today.  With modern security infrastructures, the process which
> >> > implements the network protocol and the client which manages the
> >> > host's user login process cannot be completely separate.  Setting up a
> >> > bidirectional communications channel between telnetd and login may be
> >> > sufficient, but I suspect combining them would be easier.
> >> > 
> >> > 		Marc
> >> > 
> >> 
> >> Marc, you have hit the nail on the head.  What we really need on
> >> Unix is to replace the file based credentials cache with something 
> >> else that can be contacted securely by the network process, the login
> >> process, and the user.
> 
> You're putting words in my mouth.  I never said anything about moving
> away from a file-based ccache.  I was talking about combining
> telnetd and login.

Sorry, I thought you were referring to the additional desire to have
the process requests for service tickets be redirected to the telnet
client when the cache hit fails.




                  Jeffrey Altman * Sr.Software Designer
                 The Kermit Project * Columbia University
               612 West 115th St * New York, NY * 10025 * USA
     http://www.kermit-project.org/ * kermit-support@kermit-project.org





