Subject: Re: integrating PAM
To: NetBSD-current Discussion List <current-users@NetBSD.ORG>
From: Dan Melomedman <dan%dan.dan@devonit.com>
List: current-users
Date: 01/27/2003 16:07:44
David Maxwell wrote:
> Discussions of 'how hard/easy it is to implement an authentication
> module' are not that interesting, for a couple of reasons (IMO).
> 
> (1) Far more people will use, than implement, modules - regardless of how
> easy it is. (CAD/CAM has made Automotive implementation easier than ever
> before - how many people design cars, and how many drive them?)

Authentication frameworks are not only meant for programmers, they're
there for system administrators, and programmers not directly involved
with the OS project.

> (2) I don't necessarily see advantages in making it easy for
> naive/incompetent programmers to implement security sensitive portions
> of a system, like Authentication. Having a high barrier to entry might
> be an advantage.

So you would rather make it harder for everyone to use just because you
feel systems will be more secure when the learning curve is steep?

Hand-holding isn't NetBSD's goal, as far as I know. High barriers to entry
are concerns of commercial entities who're fighting for market share.
Making writing modules easy for system administrators, and competent or
beginner programmers benefits administrators, and programmers. Having a high
barrier to entry benefits consulting companies only, and hurts everybody else.
Additionally, less code needed means fewer bugs.

> I would say the opposite - in a security context, getting the process
> model right (securely) is hard - because you have to deal with I/O,
> uid/gid, access rights, and content parsing, for example, which you
> wouldn't have to deal with in a function called in a library.

What is so hard about writing to the pipe in the preauthenticator process,
execing the authenticator, and reading the pipe in the authenticator process?

> Making a library might require a slightly more complex Makefile, but
> really isn't that much harder than compiling a standalone app.

We're not only talking about libraries here. We're talking about
unnecessarily complex frameworks and APIs. PAM is built around shared
libraries as modules, checkpassword and BSD Auth are built around the process
model.
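
The pipe exchange discussed in this message (a preauthenticator writing credentials to a pipe, an authenticator process reading them), as an added example that is not part of the original post and is not checkpassword or BSD Auth code. The NUL-separated record layout, the function names, the exit codes and the sample credentials are assumptions; the child calls the authenticator in-process where a real setup would exec a separate binary.

```c
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAXREC 256 /* assumed upper bound on one credential record */

/* Authenticator: split "user\0password\0" from an untrusted record; -1 if malformed. */
static int parse_record(const char *buf, size_t len, const char **user, const char **pass)
{
    const char *end = memchr(buf, '\0', len);
    if (end == NULL || end == buf) return -1;            /* no or empty user */
    size_t rest = len - (size_t)(end + 1 - buf);
    if (memchr(end + 1, '\0', rest) == NULL) return -1;  /* unterminated password */
    *user = buf; *pass = end + 1;
    return 0;
}

/* Authenticator: read until EOF or a full buffer. 0 accept, 1 reject, 2 malformed. */
static int authenticate_fd(int fd)
{
    char buf[MAXREC];
    const char *user, *pass;
    size_t len = 0;
    ssize_t n;
    while (len < sizeof buf && (n = read(fd, buf + len, sizeof buf - len)) > 0)
        len += (size_t)n;
    if (parse_record(buf, len, &user, &pass) != 0) return 2;
    /* Constructed credentials; a real authenticator consults its own store. */
    return (strcmp(user, "alice") == 0 && strcmp(pass, "correct horse") == 0) ? 0 : 1;
}

/* Preauthenticator: pass a raw record to a child over a pipe; child status or -1. */
static int run_exchange(const char *rec, size_t len)
{
    int p[2], status;
    if (len > MAXREC || pipe(p) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(p[0]); close(p[1]); return -1; }
    if (pid == 0) {   /* child: a real setup would dup2() the pipe and exec here */
        close(p[1]);
        _exit(authenticate_fd(p[0]));
    }
    close(p[0]);
    ssize_t w = write(p[1], rec, len);
    close(p[1]);      /* EOF tells the child the record is complete */
    if (waitpid(pid, &status, 0) < 0 || w != (ssize_t)len) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) { return run_exchange("alice\0correct horse\0", 20); }
```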