Subject: Re: PAM
To: None <>
From: Noriyuki Soda <>
List: current-users
Date: 08/28/2002 00:52:46
>>>>> On Wed, 28 Aug 2002 00:42:00 +0900, said:

> > 	* PAM modules
> 	a bit off topic: was it decided to introduce PAM? 

It isn't decided, yet, as far as I know.

>	I don't like PAM,
> 	and I prefer BSD auth.  (i remember soda-san didn't like BSD auth
> 	for additional setuid binaries, but i think the benefit overweighs
> 	the addition of setuid binaries)

As you know, I don't like BSD auth.
- IMHO, it's less secure than PAM.
  One of this reason is additional 10 set[ug]id binaries in BSD auth.
  But I have other things to worry about BSD auth.
- BSD auth cannot correctly handle authenticaion methods which need to
  modify process status for authorization (like some kerberos
- PAM is standard. We have to support it anyway.