> One of the advantages of BSD Auth is that a non-setuid program can
 > do authentication checks that require setuid, because the
 > authentication program can be setuid.  I don't think PAM can do
 > this.  This might be a plus for, e.g., screen savers.

Screen savers shouldn't be doing authentication checks. Remember
lock(1)? It would ask you for a passphrase before locking. xlock 
should be exactly the same way.

-- 
   - David A. Holland             | (please continue to send non-list mail to
     dholland@cs.utoronto.ca      | dholland@hcs.harvard.edu. yes, I moved.)