> What I'm learning from this thread is that the telnetd/login division
> of labor may have made sense in 1981, but it doesn't make sense any
> more today. With modern security infrastructures, the process which
> implements the network protocol and the client which manages the
> host's user login process cannot be completely separate. Setting up a
> bidirectional communications channel between telnetd and login may be
> sufficient, but I suspect combining them would be easier.
>
> Marc
>

Marc, you have hit the nail on the head. What we really need on Unix
is to replace the file based credentials cache with something else
that can be contacted securely by the network process, the login
process, and the user.

Jeffrey Altman * Sr. Software Designer
The Kermit Project * Columbia University
612 West 115th St * New York, NY * 10025 * USA
http://www.kermit-project.org/ * kermit-support@kermit-project.org