| Subject | Re: [Firebird-Architect] LDAP authorization (was Digest Number 1076) |
|---|---|
| Author | Jim Starkey |
| Post date | 2005-08-22T11:24:17Z |
David Johnson wrote:
related to the Linux PAM stuff, those a security module could (and
should) be implemented to use PAM.
That said, the loadable module file name will be defined in the
<SecurityPlugin xxx> object and referenced by name by the <Database yyy>
object in the configuration file. If a goofball with write access to
the server configuration files wants to make a security modules that
lets everyone pass, we give him the tools to do so.
>The PAM's can be implemented as a .so (*nix) or .dll (windoze). TheLet's be clear that the Vulcan security plugin architecture is not
>technical issue that remains is how to make it possible to migrate
>security without making the plugin architecture itself a security hole.
>The design needs to ensure that some goofball couldn't make a "security"
>module that let everything pass.
>
>
>
related to the Linux PAM stuff, those a security module could (and
should) be implemented to use PAM.
That said, the loadable module file name will be defined in the
<SecurityPlugin xxx> object and referenced by name by the <Database yyy>
object in the configuration file. If a goofball with write access to
the server configuration files wants to make a security modules that
lets everyone pass, we give him the tools to do so.