Thus spake Peter Seebach ("PS> ") sometime Today...

PS> So, we may end up wanting
PS> 	#if defined(BSD_AUTH) && defined(PAM_AUTH)
PS> 		/* nssswitch-style code */
PS> 	#else if defined(BSD_AUTH)
PS> 		/* call BSD auth */
PS> 	#else if defined(PAM_AUTH)
PS> 		/* call PAM */
PS> 	#else
PS> 		/* just grovel in spwd.db */
PS> 	#endif
PS>
PS> Not because it's the cleanest, or the best, but because it's the best we can
PS> do.

Surely one of (PAM_AUTH||BSD_AUTH) can handle the local lookup part as well?

...or Did I Miss Something Here? [TM]

FWIW, maybe I don't know enough about PAM to have a clear reason as to
"why not" -- as I mentioned, I've had bad experiences.  That only makes
it "bad" from MY point of view, and unfortunately that's all I have
to go on.

If we have both available then we cover all bases, but I think that's
both obvious and a restatement.

My question is:  Do we need to reinvent the wheel to create a stable
API (in the wake of the "Well the existing implementations suck"
which are shared by a lot of people)?  I seem to remember someone
(Bill?) suggesting that we don't need to use the existing code as long
as the API matches up.

				--*greywolf;
--
NetBSD:  For IQs higher than 120.