Subject: Re: integrating PAM
To: NetBSD-current Discussion List <current-users@NetBSD.ORG>
From: Bill Studenmund <firstname.lastname@example.org>
Date: 01/22/2003 14:58:13
On Tue, 21 Jan 2003, Greg A. Woods wrote:
> Note BSD Auth can use PAM modules, but as I understand it, not the other
> way around (and of course it doesn't make even the remotest bit of sense
> to do it the other way around anyway).
You could easily have a PAM module that talked to BSD Auth code, and I
think our plan is to have one so that we gain BSD Auth support.
The thing that BSD Auth fundamentally lacks is that it doesn't let you
modify the authenticated process environment. Like you can't inject AFS
tokens, etc. Which is why we want to do PAM; you can layer BSD Auth (with
all of its functionality) on top of PAM while you can't layer all of PAM
on top of BSD Auth.