Criticisms of PAM
Despite PAM being part of the X/Open Single Sign-on (XSSO) standard, PAM on its own cannot implement Kerberos, the most common type of SSO used in Unix environments.
Due to limits of the PAM API, it is not possible for a PAM module to request a Kerberos service ticket from a Kerberos Key Distribution Center (KDC), allowing the user to utilize the application without re-authenticating. pam_krb5 only fetches ticket granting tickets, which involves prompting the user for credentials and are only used for initial login in an SSO environment. To fetch a service ticket for a particular application, and not prompt the user to enter credentials again, that application must be specifically coded to support Kerberos, as pam_krb5 cannot itself get service tickets, although there are versions of PAM-KRB5 that are attempting to work around the issue.
Read more about this topic: Pluggable Authentication Module
Famous quotes containing the words criticisms of and/or criticisms:
“The sway of alcohol over mankind is unquestionably due to its power to stimulate the mystical faculties of human nature, usually crushed to earth by the cold facts and dry criticisms of the sober hour. Sobriety diminishes, discriminates, and says no; drunkenness expands, unites, and says yes.”
—William James (1842–1910)
“I have no concern with any economic criticisms of the communist system; I cannot enquire into whether the abolition of private property is expedient or advantageous. But I am able to recognize that the psychological premises on which the system is based are an untenable illusion. In abolishing private property we deprive the human love of aggression of one of its instruments ... but we have in no way altered the differences in power and influence which are misused by aggressiveness.”
—Sigmund Freud (1856–1939)