Subject: Re: login.conf for selecting password verification method (was Re: Kerberos is on by default?)
To: None <email@example.com>
From: None <firstname.lastname@example.org>
Date: 07/01/2000 08:54:01
> > IIRC the advantage of BSDi auth modules - since it's separate
> > program, you get the unixish "program does one thing and good" -
> > the API the authentication module program has to follow is fairly
> > simple and streighforward and the program doesn't need to worry
> > about side effects, since it's separate from the program actually
> > trying to authenticate; the auth module program can also drop any
> > unnecessary permissions as needed. This means that the actual
> > program doing authentication (beeing it passwd, login or whatever)
> > doesn't need suid root for the authentication itself.
>Oh, this is actually quite nice -- it also means that all of the
>random programs don't have to support dynamic loading (doesn't work
>with statically-linked binaries).
IIRC login.conf portion is freely redistributable under normal BSD
license. (just like tcp/udp enhancement and many of other components)
the problem is that usually the redistributable portion is on the CD,
but don't worry, you'll just need to order 90-day eval license.