On Tue, May 15, 2001 at 10:29:09PM -0400, Sam Hartman wrote:
> >>>>> "Andrew" == Andrew Morgan <morgan@transmeta.com> writes:
>
> >> [...] I think PAM binary prompts could be used as a simple API
> >> wrapper around SASL/GSS-API/Kerberos/..., but apps using PAM
> >> this way might need to know the token types so as to, for
> >> example, be able to further format them as needed by the
> >> protocol spoken by the app, or to be able to respond
> >> appropriately to prompts whose token type cannot be used by the
> >> app, either because the protocols it speaks don't specify how
> >> to use certain token types, or because the app has negotiated a
> >> network authentication protocol to use with the remote side and
> >> so on... Also, to be truly useful as a simple wrapper around
> >> those complex APIs, PAM would have to provide a way for the app
> >> to communicate with the modules.

^^^
That was me, not Andrew Morgan.

> Where would you use SASL over PAM or GSSAPI over PAM? Why would it be
> a good idea?

I *think*, but am not convinced, that PAM, with some extra glue, can be
a simpler API to do SASL/GSS/Kerberos with.

Think, GSS-API has some 60-some-odd calls. Compare to PAM.

Cheers,

Nico
--