Subject: Re: integrating PAM
To: Ken Hornstein <>
From: Greywolf <>
List: current-users
Date: 01/23/2003 10:39:19
On Thu, 23 Jan 2003, Ken Hornstein wrote:

[KH: So, what exactly was the back-end authentication system that PAM was
[KH: using in this case? I mean, I'm not saying PAM is perfect, but it's
[KH: really just a shim to some other kind of authentication system.  I have
[KH: a hard time believing, for example, a PAM module that implemented
[KH: the traditional Unix /etc/passwd authentication would really impact
[KH: performace at all.  And if it was something like LDAP ... is it PAM
[KH: that was at fault, or LDAP?

If PAM can be implemented as a shim, or it can just have a pass-thru-and-
don't-call-any-pam-layering kind of deal, that would be the way to go.

I.e. without it being a PITA, it would be *so* nice to have the options of

	credauth(USER, username) -> pam.auth[USER](username) ->
		BSD_authmod(username) -> getpwnam(user)


	credauth(USER, username) -> getpwnam(user)

NetBSD: The free OS with a money back guarantee!