Jens and Sam,
> Jens> My zeroth thought on the matter was that there must be a
> Jens> low-hanging PAM module using GSS somewhere which could be
> Jens> adapted to use Moonshot.
>
> Not very likely.
> You actually could design such a module for password-based auth.
> The issue though is that what do you do in cases where it's not a
> password that is being used for credentials.
>
If I recall correctly, the use case that was discussed at the Moonshot
workshop in London was slightly different - and inspired by the Globus
X509 based GSI-SSH code.
Rather than simply offloading password authentication onto a RADIUS
server, we discussed authenticating the user first via Moonshot and *then*
mapping some RADIUS attributes locally to assign them a local user id.
- Jason
|