Subject: Re: integrating PAM
To: Dan Melomedman <firstname.lastname@example.org>
From: Greywolf <email@example.com>
Date: 01/23/2003 10:33:05
On Thu, 23 Jan 2003, Dan Melomedman wrote:
[DM: > >You don't understand. I want to avoid using PAM alltogether. I want to
[DM: > >use better mechanisms, like checkpassword or BSD Auth _without_ PAM.
[DM: > >Period.
[KH: > I understand that's what you want .... but what you haven't really
[KH: > explained is why. I mean, a PAM module that implements BSD Auth will
[KH: > work for apps that today make PAM calls. If you have your own code
[KH: > that you want to convert, just make it do BSD Auth. What, exactly, is
[KH: > the problem? As far as I can tell, it basically boils down to
[KH: > "Applications that call PAM functions really chap my ass".
[DM: What it boils down to is the PAM library will be linked into every
[DM: relevant executable in NetBSD, forcing people to work around this if
[DM: they don't want it.
I'm with Dan on this. I don't want PAM as a required authentication layer
underneath BSD Auth. I do not intend to run PAM if I can in any way,
shape or form avoid doing so. But I would be sorely disappointed if it
was not pluggable/unpluggable without a great deal of effort.
NetBSD: Feed The Computer.