Subject: Re: integrating PAM
To: None <current-users@netbsd.org>
From: David S. <davids@idiom.com>
List: current-users
Date: 01/22/2003 14:43:05
>
> PAM modules are shared libraries that are dynamically loaded at
> run time. Which modules/libraries get loaded and in what order is
> determined by a configuration file. This can be determined on a
> per-app basis.
>
> A "files" module would most likely simply use getpwent() or
> directly read /etc/spwd.db. Obviously for this to work the program
> doing the authentication would have to be running as root.
This could be handled with 'systrace' policies and privilege elevation,
couldn't it?
David S.
> However,
> there is nothing stopping a module from fork()ing and exec()ing a
> setuid helper app. But, as I noted earlier, then you have a different
> problem, which is secure inter-process communication.
>
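
Added example, not part of the original message or thread: the quoted point that a configuration file decides, per application, which modules are loaded and in what order, shown as a small Python resolver. It assumes the traditional five-field pam.conf layout (service, facility, control flag, module path, arguments) with an "other" fallback service; the sample entries are constructed.

```python
"""Resolve which PAM modules a service loads, and in what order."""
from collections import defaultdict

# Constructed sample in the assumed pam.conf layout:
#   service  facility  control-flag  module-path  [arguments...]
SAMPLE_CONF = """\
# constructed sample, not taken from any real system
login   auth      required    pam_nologin.so
login   auth      sufficient  pam_krb5.so try_first_pass
login   auth      required    pam_unix.so
login   account   required    pam_unix.so
sshd    auth      required    pam_unix.so \\
                              nullok
other   auth      required    pam_deny.so
other   account   required    pam_deny.so
"""


def parse_conf(text):
    """Return {(service, facility): [(control, module, args), ...]} in file order."""
    stacks = defaultdict(list)
    pending = ""
    for raw in text.splitlines():
        line = pending + raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):          # a trailing backslash continues the entry
            pending = line[:-1] + " "
            continue
        pending = ""
        fields = line.split()
        if not fields:                   # blank line or comment only
            continue
        if len(fields) < 4:
            raise ValueError(f"malformed entry: {raw!r}")
        service, facility, control, module, *args = fields
        stacks[(service.lower(), facility.lower())].append((control, module, args))
    return dict(stacks)


def stack_for(stacks, service, facility):
    """Modules for one application; unlisted services fall back to 'other'."""
    key = (service.lower(), facility.lower())
    return stacks.get(key) or stacks.get(("other", facility.lower()), [])


if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    for app in ("login", "sshd", "ftpd"):   # ftpd is unlisted on purpose
        print(app, [module for _, module, _ in stack_for(conf, app, "auth")])
```

Auditing the resolved stack per service, including what an unlisted service inherits from "other", shows exactly which shared libraries an authenticating program will load.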