Noriyuki Soda wrote:
> So, that the difference, that there is only 1 setuid root progarm with 
> PAM vs 6 extra setuid programs and 7 extra setgid programs with BSD
> auth, remains with the non-privileged raidus server.

But they should be very easy to audit, and they should drop root ASAP,
again without having access to the address space of the services/clients
being authenticated.

The issue also the complexity of PAM modules vs. complexity of the BSD Auth
modules, which are often just simple interpreter scripts, and are easy to
audit. PAM modules of course can't be simple scripts. Someone here has
the "end-users are stupid, and it should be difficult to write secure
software for them" idea, but that idea is ridiculously flawed as well.