2011-10-09 09:35 AEST by Arthur Barrett - We already support PAM for pluggable authentication on Linux, but nothing on windows.

What if we wanted to authenticate users to cvs.cvsnt.org based on whether they have purchased CVS 
Suite, and/or their support is current?  This would probably be done as a call to a web service.  

In theory we could implement it as an authentication service via PAM if the host is running a linux 
instance that supports PAM.  But what if PAM is not available, eg: on windows, or a secure linux (or 
maybe even a cloudy linux instance).  Should CVSNT have its own authentication API? How will this relate 
to SSPI and PSERVER protocols (currently protocols each implement their own authentication don't 
they?). What about SSH?  If the server doesn't support PAM do we assume it doesn't support SSH?

Performance could be a big problem here too.  With stateless connections the authentication needs to 
happen very very quickly.  Authenticating to Netsuite would possibly be very slow.  Should the 
authentication be to a local cache, and only if the cache fails or out of date by more than 24 hours 
should it be updated?