Debian Weekly News

Debian Weekly News

PAM never difference between authentication and authorization since it's useless (and dangerous!) cruft for PAM. It will not even differentiate between situation when user registered in system and when the same user typed wrong password - this is by design.

And far as for user "identified by an RSA key, who can send mail via SMTP"... this is bigger problem then you can think: pam_listfile will not help here at all. You need some way to deliver that RSA key to PAM! And since most web protocols have no support for this...