> > 3) but with GSS-API/Kerberos it is telnetd that handles authentication, > > and login then handles environment issues (becoming the user, > > exec()ing the user's shell, ...) > > > > We really ought to have a way of dealing with basic vs. pass-through > > authentication, everything else remaining the same. would it help for PAM to be capable of securely handling pass-through authentication [such that one app, having been initiated by a user using basic-auth can then securely communicate with another app on _behalf_ of that user]?
