OpenSSH, PAM and kerberos

Lev Serebryakov lev at FreeBSD.org
Tue Sep 3 13:44:05 UTC 2013


Hello, Dag-Erling.
You wrote on September 3, 2013, 17:22:56:

DES> sshd is just one of many applications in the system.
  Oops. I think having ONE daemon to provide ALL authentication is a bad idea.
  It crashes. After that you could not log in via console, sshd, telnet,
 whatever! Only one way -- reboot the server via the power button... Not good.

>> One more daemon -- one more point of failure...
DES> Or you can look at it the other way around: less copy-pasting between
DES> applications and far fewer chances to screw it up.
 login(1) works. It means that console and telnet work. ftpd(8) doesn't
need such excessive session support (single login via ftp? Are you
kidding?). So, only sshd(8) is broken. And change (dramatically) well-known
programs (like login(1)) and introduce a new subsystem to fix a bug (it is
really a bug) in sshd? I don't think it is a sane way to do things.

-- 
// Black Lion AKA Lev Serebryakov <lev at FreeBSD.org>
