Subject: Re: PROPOSAL: making passwd pluggable (sort of)
To: Aidan Cully <>
From: Peter Seebach <>
List: tech-userlevel
Date: 01/30/2000 12:58:01
In message <>, Aidan Cully writes:
>Because I don't want to open this can of worms?  I've got no objection
>to going PAM wholesale, personally, but I seem to remember a massive
>flamefest last time this came up, and I don't want to be the person to
>make that decision.

Heh.  It does tend to a flamefest.

The big reason:  PAM does not allow a sysadmin to let a non-setuid program
validate logins or similar things that would require setuid privs to check.

I've been using BSD Authentication (the stuff that BSDI donated to the general
public as a usable auth scheme to use with login.conf), and I *love* it.  Want
a login method that lets people log in only during business hours?
	case `date +%H` in
	09|1[0-6])	# business hours; 09:00-16:59 is an assumed range
		exec login_passwd "$@" ;;
	*)
		echo >&3 "reject"
		exit 1 ;;
	esac

I may have botched this, since I'm pretty much doing it from memory, but
that's a pretty simple, user-friendly interface.  Okay, you need to read
the docs to know that you write reject to &3.
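
Added example, not part of the original message and not code from BSD Authentication: the business-hours gate described above, together with the caller side that collects the reply from descriptor 3. The 09:00-16:59 window, the function names, and the stub that answers "authorize" in place of login_passwd are assumptions made so the example runs offline.

```shell
#!/bin/sh
# Assumptions (not from the message): hours 09:00-16:59, and a stub in place
# of login_passwd that answers "authorize" on descriptor 3.

# Stand-in for the real password check so the example runs without a login.
stub_login_passwd() {
	echo "authorize" >&3
}

# hours_gate HOUR [args...]: HOUR is two digits, as printed by `date +%H`.
# Matching with case patterns keeps "08" and "09" as strings; shell
# arithmetic would treat them as invalid octal numbers.
hours_gate() {
	hour=${1:-}
	if [ $# -gt 0 ]; then shift; fi
	case "$hour" in
	09|1[0-6])
		stub_login_passwd "$@"
		;;
	*)
		# Anything else, including empty or malformed input, fails closed.
		echo "reject" >&3
		return 1
		;;
	esac
}

# Caller side: attach descriptor 3 to the caller's stdout and collect the
# reply, discarding whatever the gate itself prints on stdout.
run_gate() {
	hours_gate "$@" 3>&1 1>/dev/null
}

# Stand-alone run against the current hour; "demo-user" is a placeholder.
run_gate "$(date +%H)" demo-user || true
```

The default branch is what makes the gate safe: an hour string that does not match the window exactly is rejected instead of being passed on to the password check.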