[Pubcookie-dev] users plugin area
russ at hawaii.edu
Fri Jan 10 10:49:14 PST 2003
The use of PAM is fine and, as Gary points, out it is not shackled
by having to run as root.
With respect to PAM's other capabilities, it is my understanding
that with WebISO we should be focusing on authentication and not
authorization. Shibboleth is where authorization blooms.
On Fri, 10 Jan 2003, Gary Mills wrote:
> On Thu, Jan 09, 2003 at 12:01:22PM -0800, RL 'Bob' Morgan wrote:
> > PAM is also interesting, as Maurizio mentions, because it can do password
> > changing as well as password verification. I'd like to see pubcookie
> > support password-changing, since it seems to be a natural complementary
> > service to logging in. At UWash we have a separate password-changing web
> > page for historical reasons; I'd think new pubcookie-using sites might
> > want this from their weblogin service. This would, given our current
> > design, presumably mean update_foo routines in parallel to our verify_foo
> > routines.
> PAM is also interesting because it can do authorization as well as
> authentication. PAM's account management functions can be used for
> this purpose.
More information about the pubcookie-dev