Subject: Re: Pluggable authentication - PAM/BSD Auth
To: Peter Seebach <seebs@plethora.net>
From: Jaromír Dolecek <dolecek@ibis.cz>
List: current-users
Date: 11/10/2000 22:12:10
Peter Seebach wrote:
> It is *very* slick.  It has the nice feature that an authentication method
> that needs setuid can, at the programmer's option, be made setuid but
> executable by everyone else - so a non-setuid program can authenticate.

This is nice feature, though the programs which do authentication
typically need suid anyway, since need to be able to switch any user context
(login, su, etc).

> BTW, almost all of the code for it is available for use in *BSD; the only
> thing we haven't opened up is the specific login_passwd, etc., programs.
> I believe that at least one of login or su is available, for instance.

Where is it possible to download this ?

> It wouldn't hurt to have support for the PAM API, but I think the BSD
> Authentication API is a lot cleaner.  I'm not entirely sure that PAM will
> "win" in the end in FreeBSD, as the engineering groups start talking to
> each other.  I certainly hope we can deprecate it, at the very least.

Where is the documentation available ?

Jaromir
-- 
Jaromir Dolecek <jdolecek@NetBSD.org>      http://www.ics.muni.cz/~dolecek/
@@@@  Wanna a real operating system ? Go and get NetBSD, damn!  @@@@