Subject: Re: BSD auth for NetBSD
To: Gabor Nyeki <>
From: Greg A. Woods <>
List: tech-security
Date: 09/13/2003 14:25:10
[ On Saturday, September 13, 2003 at 19:29:37 (+0200), Gabor Nyeki wrote: ]
> Subject: Re: BSD auth for NetBSD
> I'm not sure, but if PAM is more flexible than BSD Auth, then why don't we
> use PAM?

Well, except for Todd's rather obtuse attempt to give an example of
where PAM might have a leg up on BSD Auth, every other indication is
that PAM really isn't any more flexible than BSD Auth

Indeed the way PAM offers flexibility is really just a wide open mine
field and not a concrete approach to being more flexible while still
maintaining control and security in this most sensitive area.

>  Doesn't it fit in the design of NetBSD?

Well, that's really a non-starter.  Better to ask which meets the
prioritized goals documented for the NetBSD project.

I won't go into detail but suffice it to say that I believe BSD Auth far
more closely meets those goals than PAM ever can.

> Or is BSD Auth cleaner and easier to implement and use?

almost infinitely so on all fronts!  ;-)

						Greg A. Woods

+1 416 218-0098                  VE3TCP            RoboHack <>
Planix, Inc. <>          Secrets of the Weird <>