Subject: Re: "BSD Authentication"
To: None <seebs@plethora.net>
From: Ted Lemon <mellon@hoffman.vix.com>
List: current-users
Date: 11/23/1998 14:38:14 
> >	- Do we need this functionality at all?
> 
> Probably not, but it might make new authentication styles a lot easier.

If the answer is really "probably not," then we don't need to discuss
this any further.

> >	- What are the strengths of PAM?
> >	- What are the strengths of the BSD code?
> >	- Of these, which are relevant to us?
> 
> That's one that can be argued only by people who've used both.

Au contraire - the idea is that people who've used PAM can say what
its strengths are (i.e., what it does for them) and people who've used
the BSD/os code can do likewise.   Then, given that we have a
statement of purpose (why we are integrating this code), we can see
how PAM and the BSD/os code measure up to the statement of purpose,
and based on that we can decide what to do.

> I think one of the main uses would be larger networks which want to do more
> significant authentication services.  The ability to drop in wrappers on
> schemes is very nice.  I'm not sure how PAM does that.  Does anyone know
> how, using PAM, you'd generate a scheme which was {in business hours,
> use this other scheme, otherwise, reject}?

This is very abstract.   Can you say how you, specifically, would use
it, or how somebody you specifically know would use it?   I really
think you should be able to answer the question "what are you going to
do with this" with a clear, specific answer before you can claim that
it should be integrated.

> One other thing I've noticed is that I think either can be used to implement
> the other.  So, we might do both, just from a "make things easy for lots of
> admins" standpoint.

Historically this hasn't been how we've operated.

> I like the fact that BSD Authentication can allow non-setuid programs to
> perform authentication checks that need root privs.  I also like the fact
> that catastrophic failures in authentication schemes have no effect on the
> program running them.

On the other hand, this makes seamless trojan horses a lot easier to
write.   WRT authentication in particular, making things possible that
weren't previously possible isn't *necessarily* a good thing.   This
isn't a path on which we should embark lightly.

			       _MelloN_