Bill Studenmund wrote:
> tokens, etc. Which is why we want to do PAM; you can layer BSD Auth (with
> all of its functionality) on top of PAM while you can't layer all of PAM
> on top of BSD Auth.

Do most people need esoteric things like AFS tokens, or anything else
which can't be done with PAM? Maybe the solution is to hack the special
cases that PAM could do, separately from PAM, like AFS authentication.
This way you don't impose features most people won't even need in the
first place.