Re: Support for alternate authentication


Thanks for finally providing some direction.

To those who suggested porting, Theo would prefer to see a decent design and
some newer, better code.  That's a perfectly reasonable approach, considering
the criticality of the pieces we're talking about.

Other than the basic goals of which we're already aware, what kinds of things
would you need to see in a design?  Are we looking at a new (and, therefore,
OpenBSD-specific) mechanism, or would you be content with a better-built
PAM-like mechanism?

We really are asking for guidance so we can *help* (and not cause further
stress for all involved).

Chris -)-----

On Sep 1,  4:37pm, Theo de Raadt wrote:
> Subject: Re: Support for alternate authentication
> > Though we understand that there are dangers, there are many of us out here
> > need alternative authentication mechanisms for OpenBSD so that we can
> > systems into existing environments.  For example, I'd like to include a few
> > OpenBSD systems into a back-end network which is primarily Cisco-based.
> > to the Cisco systems are all handled by TACACS, and I know that there is a
> > TACACS PAM module.  I'd really like to be able to use it.
> >
> > A few folks have offered to do the porting work, but we'd like to have your
> 				     ^^^^^^^
> There's that damn word again.  Nothing of this sort is going to be
> "ported" into OpenBSD.
> It's going to be properly designed because it ties into security-tied
> locations of the source tree, and hence it is not going to be "dropped in"
> which is exactly the quality we see when people "port" shit.
> > okay before anyone wastes time on work that may or may not be integrated
> > the distribution.
> >
> > So far, you've been mute on the subject.
> Because everyone is offering to "port".  Bah.
>-- End of excerpt from Theo de Raadt

