Nicolas Williams wrote:
The goal of Project RENO [0] is to facilitate interoperability with
Active Directory (see project WINCHESTER [1]), as well as with any
directory that requires "self-credentialed" lookups [2] for information
relevant to the login process, and the DCE model of distributing such
information with authentication tokens.
Project RENO involves a revamp of the Solaris login infrastructure,
specifically:
- providing a link between network authentication frameworks and PAM,
and
- providing a "subject" object output from PAM by which PAM modules may
describe Unix user accounts.
Support for use of these facilities by Solaris PAM modules and Solaris
PAM applications in the ON consolidation is included. Backwards
compatibility is preserved for all PAM applications in environments
where they currently function properly.
Initially only network authentication through the GSS-API will be linked
into PAM. PAM items will be added by which applications may pass
GSS-API mechanism OID, remote principal name and delegated credential
objects to PAM modules.
Closely related to project RENO is Per-User PAM Configuration [3] which
allows for canned PAM configurations to be selected according to user's
user_attr(4) entries, with defaults provided by profiles listed in
policy.conf(4).
I'll second.
Is a project plan currently in the works or available? I'd like get a
better idea of what this would entail. Great detail as to how
Winchester depends on this project would be of great interest to me.
benr.
_______________________________________________
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org
