Subject Re: [Firebird-Architect] LDAP authorization (was Digest Number 1076)
Author Jim Starkey
David Johnson wrote:

>The PAM's can be implemented as a .so (*nix) or .dll (windoze). The
>technical issue that remains is how to make it possible to migrate
>security without making the plugin architecture itself a security hole.
>The design needs to ensure that some goofball couldn't make a "security"
>module that let everything pass.
Let's be clear that the Vulcan security plugin architecture is not
related to the Linux PAM stuff, those a security module could (and
should) be implemented to use PAM.

That said, the loadable module file name will be defined in the
<SecurityPlugin xxx> object and referenced by name by the <Database yyy>
object in the configuration file. If a goofball with write access to
the server configuration files wants to make a security modules that
lets everyone pass, we give him the tools to do so.