Subject: Re: BSD auth for NetBSD
To: Bill Studenmund <wrstuden@netbsd.org>
From: Love <lha@stacken.kth.se>
List: tech-security
Date: 09/12/2003 22:51:48
--=-=-=
Content-Transfer-Encoding: quoted-printable


Bill Studenmund <wrstuden@netbsd.org> writes:

> On Fri, 12 Sep 2003, Love wrote:
>
>> Jason Thorpe <thorpej@wasabisystems.com> writes:
>>
>> > On Thursday, September 11, 2003, at 01:23  PM, Greg A. Woods wrote:
>> >
>> >> However I've not yet seen one shred of evidence which would show that
>> >> there could be any kind of problem with implementing PAM afterwards or
>> >> even with implementing PAM support via a BSD Auth proxy authenticator.
>> >
>> > What sort of evidence do you need other than "some authenticators need
>> > to modify the context of the process".  You can't currently do that
>> > with the proxy scheme used by BSD Auth.
>> >
>> > If you have a solution for this problem, hey, we're all ears.
>>
>> I would say that there should be something like the setenv but instead a
>> callfunc module stringargument (module magic sent up over the fd that bi=
nds
>> togther libbsdauth and the autheticating module). And then the libbsdauth
>> lib should dlopen module in /lib/whever/lib<module>.so and dlsym
>> <somesymbol> an call that with the argument <stringargument>.
>>
>> This is of course just oneway, I guess it could be make twoway someway.
>
> Huh, that didn't make sense. ??

Right, I wasn't trying to make bsd auth implement pam, I was trying to to
add the functionallity of PAM to bsd auth (ie the ability to run stuff in
the application process).

Love


--=-=-=
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (NetBSD)

iQEVAwUAP2Ix6HW+NPVfDpmCAQJrCQgAmsQYLkmUmD+jtnt7Pr5a9v3S/ZIhWyk7
R+aQsoMrS0lK6THxF3KK7eu4HcZaPyCMpWfIgSnMnZv69WgsRlQVXlfZf+SqxhIy
KOba2Kz2a2oE8gbnH1zKdhrWhimygIU0FDozRbOS2gjWgfSCV/NJXNByJBZ93++6
3ZrWfmt1DmgfVkv/EqngpXBKo3vuQHV5RUVlH8nBEBUXtGcsb/Y4+AqCVhEcQpne
h+ykt12d423+hkuy/Gby0vO5AvmQzfVwAnJhdjwEt+VQsnKddWUAuliy7pQ0MLsp
utAkbOFkedxmYTYB+bJ+TSoBzOzYR4MKI4eFsU+eCRihAJznCuVqkg==
=6c8z
-----END PGP SIGNATURE-----
--=-=-=--