Case Study: PAM, SecureID, SASL

• All three can use the same basic structure shown before.

• Quirks:

  • PAM is tricky because it wants to talk directly with the user, so blocking network communication with the client module is required, thus server must fork.
  • PAM also requires a secured channel (SSL)
  • SecureID prefers a fork because of the significant CPU it requires to authenticate a user.
  • SASL is probably the most flexible, as several SASL methods do not require either significant computation or a secure channel to the client.

Previous slide

Next slide

Back to first slide

View graphic version