Dan Melomedman wrote:
> Because then if I want to use just BSD Auth, I can't avoid PAM. 
> Because complex on top of simple is better than otherwise for many
> other reasons.

Well, since BSD Auth cannot alter process state, which is needed
for some types of authentications (like Kerberos and AFS), BSD Auth
is not an option as the generic authentication method.

While BSD Auth PAM module might be possible, I don't think
it would be wise to ship BA PAM module and BA binaries with default
system.  We should offer only _one_ authentication interface, IMHO.
Since very few present applications use BA, there is no particular
reason to offer compatibility shim.

Jaromir
-- 
Jaromir Dolecek <jdolecek@NetBSD.org>            http://www.NetBSD.org/
-=- We should be mindful of the potential goal, but as the tantric    -=-
-=- Buddhist masters say, ``You may notice during meditation that you -=-
-=- sometimes levitate or glow.   Do not let this distract you.''     -=-