Subject: Re: BSD Authentication
To: None <current-users@netbsd.org>
From: Peter Seebach <seebs@plethora.net>
List: current-users
Date: 09/07/2003 02:53:55

In message <20030907074114.CABFEA630@zen.crufty.net>, Simon J. Gerraty writes:
>>I dunno how much code PAM is, but a hair over 45k of code which hasn't needed
>>to be updated in a long time seems pretty small and fairly stable.  (I don't
>>currently have access to that CVS tree, so I can't actually tell you whether
>>there's been recent changes, but I doubt it.)  And, of course, this being
>>BSD-license code, the copyright notices are fairly big, so the code isn't
>>as big as it looks.  Including copyright notices, it's 1,930 lines of code.
>>So, how big is PAM?

>About 4300 lines for the library plus 470 lines for the radius module
>for example.

It'd be interesting to compare notes on where the code and complexity go
in each of these, although probably way way too much work.

Hmm.  Come to think of it, /usr/sbin/login is also currently open-source
enough to be looked at, if anyone's curious.

The radius module for bsd_auth is:
$ wc *.c
    169     557    3989 login_radius.c
    345    1932   10706 md5.c
    554    1577   11960 raddauth.c
   1068    4066   26655 total

Comparable in size.  By contrast, login_passwd:

    172     515    3654 login_passwd/login_passwd.c

That's the entire module.  :)

The login_foo modules are not open source, but they're easy enough to
duplicate.

>For sure, but most folk will use only one or two modules.

Understood.  Still, I don't like the idea that a bug in a module can
do anything it wants in my address space...

>We use radius, tacplus, and unix and that's been the case
>for years.  So PAM is twice as big (or more), but no less stable.
>I dare say if BSD Auth had existed 6 years ago (or we'd known about it)
>we might be using that...

It actually came into existence in '95, according to the copyright dates.
Unfortunately, it didn't get freed up until after PAM was a big enough name
to create a conflict about which one to merge.

-s