Subject: Re: BSD auth for NetBSD
To: Alan Barrett <>
From: Jason Thorpe <>
List: tech-security
Date: 09/15/2003 08:07:20
On Monday, September 15, 2003, at 12:59  AM, Alan Barrett wrote:

> The people who hate dynamic linking would hate this, unless there was a
> way to staticly link some subset of PAM.  The people who hate PAM might
> be pacified if there was a way to say "the only PAM module that is ever
> allowed to run is the BSD-Auth-over-PAM proxy, and that must be 
> staticly
> linked".

My response to this is "so bloody what?"

I personally have little patience for the "anti dynamic linking" crowd, 
and whenever they mention their hate of dynamic linking, it tends to 
make me discount their other arguments as simply a ruse to further 
their war against dynamic linking.

On the other hand, your argument here also makes the point that others 
(including me) have been making for a while now, which is that is that 
BSD Auth can be implemented using PAM as the application API.  
Therefore, there is no need to provide any other "shim" APIs; the PAM 
API serves the purpose.

         -- Jason R. Thorpe <>