Greywolf wrote:
> *sigh* I think part of the problem which keeps coming up is that PAM
> inherently depends on shared libraries -- specifically dynamic loading
> capability -- for module loading.  This is, I believe, specified in
> the API.  It is arguable from now until the Apocalypse as to whether
> or not this is a Good Idea, and why (not).

IMO one of the benefits of checkpassword, for example other than obvious
simplicity, is that checkpassword DROPS root priveleges as soon as
credentials are verified before exec()s the authenticated program.