Re: security and multi-user

From: Miguel de Icaza <miguel nuclecu unam mx>
To: gnome-components-list gnome org
Subject: Re: security and multi-user
Date: Tue, 17 Mar 1998 02:02:53 -0600



> My first thoughts are that if I use unshared objects that I can
> use some username/password simple auth and check that auth has
> been done to the top of every function.
[...]
> the implementation would be something like:
> 
> char* AddressBook::search (const char *regex) {
>   if (!auth_ok())

You would only need to do authentication at object creation time.

Now, what I think we should do is write a nice set of wrappers that
would hide all of the authentication complexity behind our nice api.

I am thinking right now that we could have an agent, pretty much like
the ssh-agent, to which you authenticate initially.  Once you have
authenticated to this "security" agent, you use the IOR of this agent
to get new references to objects.  The agent would do all of the
authentication and access granting for you and finally return you an
object reference to an initialized widget.

> crypt methods could be somewhat pluggable so they can range from
> plaintext to whatever works.

Use PAM, default to crypt on systems without it.

Miguel.

Follow-Ups:
- Re: security and multi-user
  - From: Shawn T. Amundson

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]