Subject: Re: BSD auth for NetBSD
To: Jun-ichiro itojun Hagino <>
From: Roland Dowdeswell <>
List: tech-security
Date: 09/13/2003 02:36:55
On 1063431659 seconds since the Beginning of the UNIX epoch
Jun-ichiro itojun Hagino wrote:

>	we could introduce PAM and BSD auth into the system independently,
>	and let apps chose which to use (or build time option USE_PAM/BSDAUTH).

A lot of the main consumers of the client side API are in basesrc.
I think that to some degree this is going overboard---we need to
decide on what API that authentication clients are going to use
and stick with it rather than maintaining both.  As I see it we
have a choice between PAM which is used in Solaris, FreeBSD, Linux,
etc, or BSD Auth which is used in OpenBSD and BSDI.  BSDI is
officially unsupported [soon].  Given the size of OpenBSD's userbase,
if we decide to use BSD Auth we will continue to be in the unfortunate
position that hardly anything in pkgsrc will support our authentication
mechanisms.  This appears on first inspection to be a losing

    Roland Dowdeswell                      http://www.Imrryr.ORG/~elric/