[rsbac] stronger authentication system
Amon Ott
ao at rsbac.org
Thu Apr 29 09:35:50 CEST 2004
On Thursday 29 April 2004 09:52, sftf at yandex.ru wrote:
> AO> A stronger authentication system for RSBAC is on its way, but not
> AO> yet done.
>
> May I know details about its design?

There will be two solutions:

- A central authentication daemon, against which all login services will
  have to authenticate to get the required AUTH cap set. The daemon itself
  will then use available PAM modules to check the auth data. This scheme
  allows protecting all authentication data from other services and provides
  better control over the behaviour of login programs, while still
  supporting all usual Linux PAM modules.
  Such a daemon is currently being developed by our company, but this one
  will probably not be available as free software.

- User management in the kernel as an optional AUTH module extension with
  all features that passwd/shadow provide. This will be free software, but
  cannot access centralized auth servers. Its implementation will start
  after v1.2.3 has been finished.

Both solutions will be accessible via a PAM module.

On the way to the planned RSBAC clustering support, the kernel auth data
will be distributed to other servers in the cluster. In the end we will
have a centralized and highly secure auth service.

Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22