In message <Pine.NEB.4.10.10006142225070.3369-100000@love.warhead.org.uk>, Al W
illiams writes:
>Straw poll: would people prefer a compatible system, ie a clone of the
>BSD/OS mechanism, or a radical new spangling system of my design?

I would very-much-prefer a "compatible" system, simply because I want to
share code.  The BSD/OS system has been in use for a couple of years, and no
one has reported any design problems yet.  :)

>My radical system would probably be usable for SASL-type stuff, eg IMAP
>CHAP and so on - a very generic API for authentication protocols, which
>can be used by "prompting a human being" front ends or more abstract
>client->server protocols.

The BSD/OS one seems to do okay with this.  e.g., we've done fine using
login_passwd and login_rpasswd as authentication methods for RADIUS; lots
of people use either of them.  Certainly, all of the standard services
are smart enough to go through the auth library to get their authentications.
There's an interface full of auth_foo calls in libc; it does all sorts of
things, and the code looks to be labeled with a traditional BSD license,
so it's available for use.

Disclaimer:  I work at BSDi, and I may be biased.  Despite that, I'm speaking
in no official capacity.

-s