Subject: Re: login.conf for selecting password verification method (was Re: Kerberos
To: Giles Lean <>
From: Jaromír Doleček <>
List: tech-userlevel
Date: 07/01/2000 01:34:27
IIRC the advantage of BSDi auth modules - since it's separate
program, you get the unixish "program does one thing and good" -
the API the authentication module program has to follow is fairly
simple and streighforward and the program doesn't need to worry
about side effects, since it's separate from the program actually
trying to authenticate; the auth module program can also drop any
unnecessary permissions as needed. This means that the actual
program doing authentication (beeing it passwd, login or whatever)
doesn't need suid root for the authentication itself.

The advantage of PAM is merely that it's used more widely :)

Jaromir Dolecek <>
@@@@  Wanna a real operating system ? Go and get NetBSD, damn!  @@@@