David Carrel writes:
> >From my point of view the complexity is miniscule and the payoff large.  If
> the callout program returns 0, then the login continues and the program may
> or may not have performed certain actions.  If it returns non zero, the
> authorization fails and the login terminates.  Since the default will be to
> not have any callout program, that case is easy.  Making a shell script
> that always returns 0 (ie. may change devices, but never judges the
> validity of the user's requested access) is quite easy.

I agree with David on this. I haven't heard the greatest things about
login classes but this seems like a simple and very powerful tool for
putting hooks into logins on a per tty basis for all sorts of things
and I feel we should permit the facility to be used this way.

> I strongly disagree that there are two separate functions here.  And I
> think it's a bad design decision to split the pieces apart.  I really liked
> the original position you took that the problem solution should be simple
> and highly general.


Again, strongly agreed.

Perry