On Thu, 13 Mar 2003, Andreas Aardal Hanssen wrote: > On Wed, 12 Mar 2003, Charlie Brady wrote: > >On Wed, 12 Mar 2003, Andreas Aardal Hanssen wrote: > >> Hi, Charlie. > >> By "invoked similarly" I mean that it is spawned through a tcp wrapper. It > >> will support privilege seperation. But I am not convinced that the > >> authenticator should spawn the daemon. > >These last two statements appear to be contradictory. I think that the > >authenticator must spawn the daemon to provide the privilege separation. > > Not at all. checkpassword spawns something, but it doesn't have to be the > daemon.
I wasn't meaning to imply that checkpassword should directly spawn the daemon. I would expect that checkpassword would spawn a chain of programs, one of which (probably the last) would be the daemon. > I see the advantages of using checkpassword with pipelining > commands such as the smtp-after-imap stuff and so on. Exactly. > But this works today by throwing in programs in checkpassword's > pipeline. Sure, but those programs can't control the daemon's execution environment, the daemon is left with too much privilege, and you have needed to supply lots of glue code. -- Charlie
