> Is this a proprietary solution? The client side (the PAM plug-in that runs on Linux) is open-source. In the example we talked about below, the *server* - which is an integrated feature of our ACF2 (or our other security products) - is proprietary, but there's no reason that IBM (or anyone else) couldn't develop an alternate server of their own. In this regard, our PAM plug-in is exactly like what you're using for LDAP: the protocol and clients are open-source, but the LDAP server implementation (whether you use IBM's or ours) is proprietary.
> How would the CA "Direct-to-ACF2/TopSecret" solution be faster? The short answer is that our protocol is more efficient because it's tailored to the specific needs of a Linux user logging on through PAM. In contrast, LDAP is a general purpose function capable of much more than just authenticating Linux users, and this added complexity makes it less efficient. Since ACF2 includes both LDAP and direct PAM interfaces, you could certainly setup both and compare...I believe you'll see less CPU utilization and network traffic with our PAM solution. Vince Re Computer Associates
