Ross Patterson wrote:
> > BSD Auth has immediate
> > advantages for the common system administrator who would rather write a
> > simple interpreter script than wait for someone to write a large and comlex
> > PAM module such as pam-ldap.
> 
> I'm sure it does.  I've written PAM modules in another life, and I wouldn't 
> wish the creation of an LDAP-authentication client on my worst enemy, 
> regardless of the environment it hard to operate in.  Thank goodness PAM 
> already has one! (A quick Google search makes it seem like BSD Auth doesn't - 
> correct?)  But pam_ldap and the "traditional Unix authentication" module 
> pam_unix are about as complicated as they get, and I can't imagine NetBSD 
> would ask a sysadmin to code either of those for BSD Auth or for PAM.
> -- 
> Ross A. Patterson

I won't use PAM or pam_ldap.
I would rather write a script in some language which talks LDAP such as perl or
python, and it would take me an hour to do it, and be custom
tailored to my needs. I can't do this with PAM, but I can with BSD Auth.