Subject: Re: login.conf for selecting password verification method (was Re: Kerberos is on by default?)
To: =?iso-8859-1?Q?Jarom=EDr_Dole=E8ek?= <>
From: Jason R Thorpe <>
List: tech-userlevel
Date: 06/30/2000 16:47:42
On Sat, Jul 01, 2000 at 01:34:27AM +0200, Jaromír Doleček wrote:

 > IIRC the advantage of BSDi auth modules - since it's separate
 > program, you get the unixish "program does one thing and good" -
 > the API the authentication module program has to follow is fairly
 > simple and streighforward and the program doesn't need to worry
 > about side effects, since it's separate from the program actually
 > trying to authenticate; the auth module program can also drop any
 > unnecessary permissions as needed. This means that the actual
 > program doing authentication (beeing it passwd, login or whatever)
 > doesn't need suid root for the authentication itself.

Oh, this is actually quite nice -- it also means that all of the
random programs don't have to support dynamic loading (doesn't work
with statically-linked binaries).

        -- Jason R. Thorpe <>