>>>>> "Andrew" == Andrew Morgan <morgan@transmeta.com> writes:

>> [...] I think PAM binary prompts could be used as a simple API
>> wrapper around SASL/GSS-API/Kerberos/..., but apps using PAM
>> this way might need to know the token types so as to, for
>> example, be able to further format them as needed by the
>> protocol spoken by the app, or to be able to respond
>> appropriately to prompts whose token type cannot be used by the
>> app, either because the protocols it speaks don't specify how
>> to use certain token types, or because the app has negotiated a
>> network authentication protocol to use with the remote side and
>> so on... Also, to be truly useful as a simple wrapper around
>> those complex APIs, PAM would have to provide a way for the app
>> to communicate with the modules.

Where would you use SASL over PAM or GSSAPI over PAM? Why would it be a good idea?