IMHO, the next version of EFS should only support Kerberos. If anybody wants to 
keep the password caching, stay with the current version of EFS. Keep the PAM 
support; who knows what else might be plugged in later on. 

On Jun 10, 2010, at 11:26 PM, Phillip Moore wrote:

> Now that we have Kerberos authentication, I don't want to rip out the PAM 
> support, since non-Kerberos enabled sites should be able to use EFS.
> 
> But, given the ugliness and complexity of the password caching code, and the 
> fact that every last security expert won't like it (and we don't have much 
> grounds to argue with them), why not just trash it?
> 
> IOW, you'll still be able to authenticate a password in efsd via PAM, but the 
> client will require you to submit the password every time, instead of caching 
> it (or attempting to) in ~/.efsconfig.
> 
> Thoughts? 
> 
> _______________________________________________
> EFS-dev mailing list
> [email protected]
> http://mailman.openefs.org/mailman/listinfo/efs-dev
