Subject: Re: PAM
To: None <current-users@netbsd.org>
From: Dan Melomedman <dan%dan.dan@devonit.com>
List: current-users
Date: 09/25/2002 15:04:00
Jaromir Dolecek wrote:
> Dan Melomedman wrote:
> > Kerberos would work just fine with an exec chain design. And I am still
> > not sure why AFS wouldn't. You simply modify process state through
> > environment, then executed job would do its thing.
>
> Nobody is going to rewrite all programs needing authentication to do
> exec chain. That's just not realistic. And I seriously doubt code
> using exec chain would be sanely maintainable.
Why? /usr/bin/login writing username/password pair to a known file
descriptor and fork/execing an authenticating process is somehow
convoluted or not straight-forward? Unmaintainable? Hardly so.