Hello Ashwin! From what you describe, I think you'll need to implement both PAM and GSS-API support for your security mechanism. The reason is that PAM and GSS-API are two quite different things. They are not two solutions to the same problem.
Would PAM in some way need to interact with GSSAPI, or can the security mechanism be directly implemented in a PAM module?
You'll need PAM for local host-login to the system. If your security mechanism can verify passwords, having a PAM mechanism will solve the problem for ssh servers too.
Does this mean that ssh uses PAM-based authentication... if I am not mistaken, OpenSSH has GSSAPI support in that too... not sure which one is being used now.
You'll need to write a GSS-API mechanism for NFS and SSH, especially if your security mechanism is not based on passwords. Fortunately, both NFS and SSH support GSS-API, but for some other protocols (e.g., TLS or EAP) you'll have to add support for your security mechanism directly since there is no standard way to use a GSS-API mechanism in those protocols.
As of now I am more concerned with getting this working with SSH and NFS... so from your comment I think GSSAPI should solve my immediate problem.
I hope this helps. If you want to write your GSS-API mechanism and ship it with GNU GSS, that would be a welcome contribution! The intention is that GNU GSS should be a flexible plugin-architecture for all kinds of GSS-API mechanisms. I have thought about a dlopen() approach, which would allow you to hook into GNU GSS at run-time, without having a link-dependency between GNU GSS and your project, which sometimes (especially when packaging both projects for Debian etc.) can be beneficial.
Thanks a lot for the information, Simon. I would love to have this ship with GNU-GSS, but I guess there is still a long way for me to go in implementing this. I still need to fully understand the internals of GSSAPI before I have this ready. I shall get back with further queries, if I have any, once I start the implementation.
/Simon
--
Impossibility is a relative concept

_______________________________________________
Help-gss mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-gss
