[rsbac] stronger authentication system

Amon Ott ao at rsbac.org
Thu Apr 29 09:35:50 CEST 2004


On Thursday 29 April 2004 09:52, sftf at yandex.ru wrote:
> AO> A stronger authentication system for RSBAC is on its way, but not
> AO> yet done.
> 
> May I know details about its design?

There will be two solutions:

- A central authentication daemon, against which all login services will 
have to authenticate to get the required AUTH cap set. The daemon itself 
will then use available PAM modules to check the auth data. This scheme 
allows protecting all authentication data from other services and provides 
better control over the behaviour of login programs, while still 
supporting all usual Linux PAM modules.
Such a daemon is currently being developed by our company, but this one 
will probably not be available as free software.

- User management in the kernel as an optional AUTH module extension with 
all features that passwd/shadow provide. This will be free software, but 
cannot access centralized auth servers. Its implementation will start 
after v1.2.3 has been finished.

Both solutions will be accessible via a PAM module.

On the way to the planned RSBAC clustering support, the kernel auth data 
will be distributed to other servers in the cluster. In the end we will 
have a centralized and highly secure auth service.

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
