Subject: Re: integrating PAM
To: <>
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
List: current-users
Date: 01/23/2003 12:42:21
>Then, I have to consider kerberos, NFS and AFS broken by design. Maybe
>they should be fixed in the first place (this happening is of course
>very unlikely).

Have you considered the possibility that BSD Auth is broken by design?
Kerberos, AFS, RADIUS, and NFS were all around way before it.

And I guess I'm having a hard problem understand your objection to a
BSD Auth PAM module.  You said, "I can't avoid dealing with PAM" ...
what exactly do you have to "deal" with?  You set up _one_ thing, then
go use BSD Auth to your heart's content.  You even get to take
advantage of the large software base that uses PAM today, without
having to convert it over to BSD Auth.

(FWIW, if we were going to implement PAM, which I think is reasonable,
I think that we should ship with a BSD Auth PAM module; that would make
almost everybody happy, I think).

--Ken