Re: Questions about PAM, GDM and gnome-screensaver


On Dec 19, 2007 3:05 PM, Brian Cameron <Brian Cameron sun com> wrote:
> For one thing I think there is a pretty significant difference in
> how "Trusted Path" is considered by Linux vs. Solaris:
> Linux   - The goal seems to be to avoid running processes with privilege,
>            even when doing security sensitive functionality like PAM.
> Solaris - The goal is to ensure that the interaction cannot be
>            tampered with or disclosed.  This takes priority over any
>            risks running PAM itself with lower privilege.  That said,
>            Solaris does support "least privilege" for ensuring that
>            PAM modules can be implemented to run with as little
>            privilege as possible regardless of who calls it.

Can you please describe why you think that what you are doing now can
be considered using a Trusted Path?  Also please describe your plan
for how you think we can achieve a trusted path for reauthentication
and credential renewal while operating within a user's graphical
session.  And I'd appreciate it if you could specifically address some
of the points raised by Ray and others in previous threads.


