Re: Questions about PAM, GDM and gnome-screensaver
- From: "William Jon McCann" <mccann jhu edu>
- To: "Brian Cameron" <Brian Cameron sun com>
- Cc: screensaver-list gnome org, Gary Winiger <gww eng sun com>
- Subject: Re: Questions about PAM, GDM and gnome-screensaver
- Date: Wed, 19 Dec 2007 18:32:07 -0500
Brian/Gary:
On Dec 19, 2007 3:05 PM, Brian Cameron <Brian Cameron sun com> wrote:
...
> For one thing I think there is a pretty significant difference in
> how "Trusted Path" is considered by Linux vs. Solaris:
>
> Linux - The goal seems to be to avoid running process with privilege,
> even when doing security sensitive functionality like PAM.
>
> Solaris - The goal is to ensure that the interaction cannot be
> tampered with or disclosed. This takes priority over any
> risks running PAM itself with lower privilege. That said,
> Solaris does support "least privilege" for ensuring that
> PAM modules can be implemented to run with as little
> privilege as possible regardless who calls it.
Can you please describe why you think that what you are doing now can
be considered using a Trusted Path? Also please describe your plan
for how you think we can achieve a trusted path for reauthentication
and credential renewal while operating within a user's graphical
session. And I'd appreciate it if you could specifically address some
of the points raised by Ray and others in previous threads.
Thanks,
Jon