Subject: Re: integrating PAM
To: None <>
From: Dan Melomedman <>
List: current-users
Date: 01/23/2003 20:58:56
Bill Studenmund wrote:
> On Thu, 23 Jan 2003, Dan Melomedman wrote:
> > Ken Hornstein wrote:
> > > >> Sure sounds like a religious argument to me.
> > > >
> > > >What's so religious about this? If I don't want to use the PAM library,
> > > >I don't want my software to be linked against it.
> > >
> > > "Religious" in this sense means, "Having nothing to do with reason".
> > > (E.g., I have yet to see a coherent reason why having PAM in the OS
> > > could ever harm you, unless you went out of your way to hose it up).
> > >
> > > --Ken
> >
> > Reread the above sentence again. If it doesn't make a logical sense to
> > you, I can't help you.
> Reread your sentence again. You aren't reasoning that PAM is bad (or good)
> for this or that reason, you are saying you don't like PAM. That's a
> religeous reason.

Right, let's just pretend I never wrote why I don't like PAM.
I've stated many times  about its unneeded complexity, about how easier it is
to write and debug BSD Auth modules than it is to write PAM modules due to the
API, and you can read even more if you look at the August thread. Also,
if you take a look at other frameworks such as checkpassword or CVM,
they have similar advantages over PAM.In addition, take a look at
the pam_ldap module, its security history, and number of lines of code
for instance.