>Well, it can be.  In a way, the "conversion" thought could be reversed:  a
>pam/bsdauth.so wouldn't be unthinkable, or for that matter a pam/script.so.
>PAM's benefit is the minimal amount of interfacing that has to be done, as
>no pipes or sockets are involved to talk to the authentication code, but its
>biggest drawback is the problem that we can't use .so's in statically linked
>binaries--at least not easily.

Statically linked code can't call dlopen()?  Why not?

My $0.02 cents.  I think the BSD Authentication stuff could perhaps
co-exist with PAM, but I think PAM is a much better choice, since it's
relatively reasonable and it's what everyone else is going with.  PAM
is on my list of things to do after Kerberos 5 (assuming we're still
doing Kerberos 5, that is).

--Ken