Jeffrey Altman <jaltman@columbia.edu> writes:

>> > What I'm learning from this thread is that the telnetd/login division
>> > of labor may have made sense in 1981, but it doesn't make sense any
>> > more today. With modern security infrastructures, the process which
>> > implements the network protocol and the client which manages the
>> > host's user login process cannot be completely separate. Setting up a
>> > bidirectional communications channel between telnetd and login may be
>> > sufficient, but I suspect combining them would be easier.
>> >
>> > Marc
>> >
>>
>> Marc, you have hit the nail on the head. What we really need on
>> Unix is to replace the file based credentials cache with something
>> else that can be contacted securely by the network process, the login
>> process, and the user.

You're putting words in my mouth. I never said anything about moving
away from a file-based ccache. I was talking about combining
telnetd and login.

Marc