Subject: Re: login.conf for selecting password verification method (was Re:
To: Jason R Thorpe <thorpej@zembu.com>
From: Greywolf <greywolf@starwolf.com>
List: tech-userlevel
Date: 06/30/2000 17:03:27
On Fri, 30 Jun 2000, Jason R Thorpe wrote:
# On Sat, Jul 01, 2000 at 01:34:27AM +0200, Jaromír Doleček wrote:
#
# > IIRC the advantage of BSDi auth modules - since it's separate
# > program, you get the unixish "program does one thing and good" -
# > the API the authentication module program has to follow is fairly
# > simple and streighforward and the program doesn't need to worry
# > about side effects, since it's separate from the program actually
# > trying to authenticate; the auth module program can also drop any
# > unnecessary permissions as needed. This means that the actual
# > program doing authentication (beeing it passwd, login or whatever)
# > doesn't need suid root for the authentication itself.
#
# Oh, this is actually quite nice -- it also means that all of the
# random programs don't have to support dynamic loading (doesn't work
# with statically-linked binaries).
Jason, I'm confused by this, because it looks as though you're saying
two different things. (don't have to support dynamic loading + doesn't
work with statically linked-binaries == "mutually exclusive"?)
--*greywolf;
--
BSD: Two guys with a vax.