Subject: Re: BSD auth for NetBSD
To: Roland Dowdeswell <elric@imrryr.org>
From: Greg A. Woods <woods@weird.com>
List: tech-security
Date: 09/15/2003 12:07:55
[ On Sunday, September 14, 2003 at 22:24:49 (-0400), Roland Dowdeswell wrote: ]
> Subject: Re: BSD auth for NetBSD 
>
> None of the programs that you pointed to actually contain working
> Kerberos 5 password validation code.

I didn't say they did -- I said they supported "kerberos".

You're the one who failed to include a version specifier in the first
place, and I'm not going to allow you to get away with picking stupid
nits like that as a result even if it means I have to do the same in return.

>  And some of them didn't even
> contain Kerberos 4 password validation code.

The current copy of xdm (xsrc/xfree/xc/programs/xdm) and the current
version of xlockmore in pkgsrc both support kerberos.

> I've actually read the code and tried to get it to work,

So, "tried"?  You gave up?  It appears not.  If you succeeded then the
fact you're effectively withholding your changes is making your whole
argument look rather hypocritical.

> Yes, and I did.  I put a pointer to my work in the e-mail to which
> you replied.  By the time that I was done, I had pretty much thrown
> away the code that they provided because it was too old and tangled
> in with other functionality which hasn't worked in a decade to fix.

Ah, well, there you go.  Did you see this old message before you
started?  Perhaps not given that you re-did some of the same work over a
year later.

	http://mail-index.netbsd.org/current-users/2001/01/19/0013.html

Will probably should have used send-pr, and maybe eventually did (as I
didn't check).....

> I didn't check it in because fixing it that way is suboptimal.
> The right way to fix it is to provide a PAM client side API as part
> of the base OS.

Nope, Bzzzt.  WRONG.

There is _still_ no PAM client API in the base OS.  The only right fix,
right now, is to use the existing APIs in the existing applications.


Anyway, you started this by complaining about what you thought was a
lack of support for native authentication APIs (i.e. not frameworks) in
third party applications in pkgsrc.  I then showed you that all the
major ones already had support for all the native auth APIs you
mentioned.  You then complained that some of it didn't work for you and
now you say you've fixed some of it to work but you've effectively, or
at least apparently, withheld your fixes from both the NetBSD community
_and_ from the third party developers who would almost certainly have
accepted your changes.

So your whine about third party apps has minor merit, though you are
very confused about what third party developers will continue to do.

Your whine about in-tree applications such as xdm, which you've already
fixed for yourself (but only yourself) has no merit whatsoever.

-- 
						Greg A. Woods

+1 416 218-0098                  VE3TCP            RoboHack <woods@robohack.ca>
Planix, Inc. <woods@planix.com>          Secrets of the Weird <woods@weird.com>