Subject: Re: "BSD Authentication"
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Ted Lemon <mellon@hoffman.vix.com>
List: current-users
Date: 11/23/1998 10:55:52
> On the nontechnical side, it seems that PAM is beginning to become a
> de-facto standard.  I'm not sure how much weight should be given to
> that; if we go for "de-facto standard", we should just support Windows
> DLLs and be done with it.  One of the things NetBSD is about, as I
> understand it, is technical excellence.

I think this is a misleading argument - Windows is not a de facto Unix
standard.   Something technically excellent in Windows probably can't
be imported into NetBSD, so bringing Windows up in this context just
obscures the point.

What I would say is a good measure of whether or not to incorporate
PAM or the BSD/os code is:

	- Do we need this functionality at all?
	- What are the strengths of PAM?
	- What are the strengths of the BSD code?
	- Of these, which are relevant to us?

I would argue that we should have a fairly convicing argument for why
we need code of this type before we try to incorporate it - we
shouldn't do it "because the other BSDs do it."   *That* is where our
high technical standards come into play.

If we do decide that we want to do it, we should carefully consider
the pros and cons.   How does adding this code affect the
configurability of NetBSD?   How easy is it to misconfigure the code?
How much easier is it to configure new authentications schemes?   How
will these configurable authentication schemes be used in practice?
Is there a customer for this functionality?   From that customer's
perspective, is PAM better than BSD/os?

My general impression at this point is that PAM is a lot easier to
configure than BSD/os.   Can people confirm or counter that
impression?   Having said that, I don't think anybody's identified a
customer for this feature, although several people have individually
said that they would like it.   Who is the customer for this?

			       _MelloN_