I'm going through the SASL code looking for a place to put account
management. Does anyone have a suggestion? SASL does only authentication,
using various secret mechanisms, but we need a way for the server to
reject the client after authentication succeeded. This might be because
the user's account has expired or has been suspended. So far, I haven't
found a good place to do this, other than within each of the authentication
mechanisms.
I notice also that a main feature of SASL is that it engages in a
dialogue with the client. PAM also does this through its conversation
function. Could SASL be made into a PAM module? Is PAM adequate for
this purpose?
--
-Gary Mills- -Unix Support- -U of M Academic Computing and Networking-
