[prev in list] [next in list] [prev in thread] [next in thread] 

List:       argante
Subject:    [argante] random, delusional thoughts
From:       James KEHL <s4012408 () student ! uq ! edu ! au>
Date:       2002-06-11 3:24:59
[Download RAW message or body]


#2 open for volunteers, #3 and #4 open for discussion.

1. LAC2, optimizing compiler, is coming (slowly, but will be out before
Christmas :) FEAR!

2. Need a network module - preferably using FlexSock, which needs to be
made reentrant. SSL support would also be nice. Anyone?

3. rIPC. There's a couple of thoughts in the docs on a p2p-style
network arch (hub protocol), but none on the client protocol. I'd also
like people's thoughts on how IPCr2 should work. (Some OO support would be
nice...?)

4. Authentication Daemon. Just a crazy thought, very futuristic, given
there is not even a shell yet.

I have at least 3 programs on my system which try and parse
/etc/passwd|/etc/shadow.

This is ugly code duplication. Requiring SUID privs for vlock/xlock is
worse. If, instead, I use PAM, the root password cannot be used to unlock
a screen - if root didn't have better things to do than unlock screens!

So Argante should use a daemon for controlling the user databases. No
SUID/special privileges required, which is good, considering we use
trapdoor model...

There are users (with passwords), groups (with users), and
various attributes defined for all. Perhaps login even loads a HAC from
here.

Also an "override" for each service can be defined. So when Luser
locks their screen trusted people can still log them out (they have got
xlock_override_logout attribute set) and ultra-trusted people can break
the lock.

I should read up on Kerberos, too...

James.

-- -----------------------------------------------------------------------
   Unsubscribe: mail argante-request@linuxpl.org -s unsubscribe </dev/null

[prev in list] [next in list] [prev in thread] [next in thread]