Subject: Re: PAM
To: None <>
From: David Maxwell <>
List: current-users
Date: 09/25/2002 22:09:09
On Wed, Sep 25, 2002 at 09:06:07PM -0400, Dan Melomedman wrote:
> Jim Wise wrote:
> > The large number of PAM modules out there, compared to the small number
> > of programs using exec-chaining suggests otherwise.
> Exec chains are used for software packages - they're portable, easy, and
> simple. qmail, qmail-ldap, twoftpd, curier, curier-imap,
> sqwebmail, fgetty, all use these for authentication just to name a few.
> Easy to debug, easy to set up, and run on almost any Unix.
> Can you say the same about PAM? Didn't think so. Who says you can't
> apply the same approach to OS utilities?

You've done such a twisted job of ignoring the facts that I will be
shocked if Jim thinks it's worth replying to that, so I will :-/

Sure, each of those apps may use exec chain authentication - _but they
each have their own implementation of it_. You use the word 'portable',
but you ignore the fact that none of those apps share authentication
code with each other, and there's no standard for doing so.

"Easy to debug" - yes, most software problems are easy to debug, but
while you're fixing the SEVEN different exec chain authentication
systems above - Jim would fly by you, debugging ONE PAM module.

David Maxwell,| -->
If you don't spend energy getting what you want,
	You'll have to spend it dealing with what you get.
					      - Unknown