Subject: Re: integrating PAM
To: Dan Melomedman <email@example.com>
From: Bill Studenmund <firstname.lastname@example.org>
Date: 01/22/2003 15:51:27
On Wed, 22 Jan 2003, Bill Studenmund wrote:
> On Wed, 22 Jan 2003, Dan Melomedman wrote:
> > Because there are better frameworks than PAM, like BSD Auth, and because
> > very few people would need such rarity as AFS authentication. I think
> > most sysadmins would benefit from simplicity of BSD Auth. In other
> > words, have BSD Auth additional to PAM, but not have it sit on top of
> > it. Or have PAM sit on top of BSD Auth, and hack your rare features
> > outside of it.
> PAM on top of BSD Auth isn't really PAM, and so it's not really
> What's wrong with BSD Auth on top of PAM? If you want to do BSD Auth,
> there it is.
> I would envision that when all is said & done, that we'd ship with both
> PAM and a BSD Auth infrastructure. So an admin can pich whichever one s/he
> wants to do.
Also, part of the point of all of this is to get to something where we
don't have to "hack" new forms of authentication into the system. So
suggesting we do something where we will "hack [our] rare features outside
of it" isn't too paletable.
If we want to do something under PAM that has a PAM interface, that's
fine. Whatever we do should have a BSD Auth interface. The point is that
the first thing we do should be one of the load-modules methods.