Bill Studenmund wrote:
> > Do most people need esoteric things like AFS tokens, or anything else
> > which can't be done with PAM? Maybe the solution is to hack the special
> > cases that PAM could do, separately from PAM, like AFS authentication.
> > This way you don't impose features most people won't even need in the
> > first place.
> 
> Huh? That didn't parse.
> 
> Do things that PAM could do, separately from PAM?? Why not just do them in
> PAM?

Because there are better frameworks than PAM, like BSD Auth, and because
very few people would need such rarity as AFS authentication. I think
most sysadmins would benefit from simplicity of BSD Auth. In other
words, have BSD Auth additional to PAM, but not have it sit on top of
it. Or have PAM sit on top of BSD Auth, and hack your rare features
outside of it.