Subject: Re: PAM
To: John Nemeth <jnemeth@victoria.tc.ca>
From: Chuck Yerkes <chuck+nbsd@snew.com>
List: current-users
Date: 09/22/2002 07:43:59
Quoting John Nemeth (jnemeth@victoria.tc.ca):
> On Jan 19, 6:33am, Giles Lean wrote:
...
> } The only implementations of the PAM framework that I know about are
> } commercial (Sun, HP, ...) and GPL (Linux).
>
> Actually, linuxpam has the three clause BSD licence. I believe it
> was originally developed for BSD. It's licence says that alternatively
> it can be distributed under the GPL. This is probably to keep the
> Linux people happy.
Old, but I'm catching up...
According to an entertaining Ted Tso talk at a 1997(?) Anaheim
Usenix, Solaris came up with PAM. As he was *at* Sun consulting
with them on some Kerberos stuff, they showed it to him and
gave him some basic API information. Intrigued, he brought
it back with him and got some folks interested. 5 months
later, PAM was in Linux. 6 months after THAT, it came out for
Solaris.
One of the goals was to abstract authentication from the various
things that needed it. At the time I had folks logging in by s/key
, challenge/response device or Kerberos, sometimes depending on
where they were. The notion of PAM was a godsend. The implementations,
less so. Linux PAM != Sun PAM != FreeBSD PAM. Alas, a lack.
It appears okay to use, per the FreeBSD code. It would be really
nice to have ONE PAM implentation that works across different Unixs.
NetBSD, being a bit marginal, would benefit from being able to snag
PAM modules from the more mainstream OSs and have them "just work"
- having a good LDAP auth or, heck, retinal scanner auth module
that didn't have to be rewritten per platform would be Good. But
the Unix coldwars rage on and this will never happen. And windows
marches on.