> > IIRC the advantage of BSDi auth modules - since it's separate
> > program, you get the unixish "program does one thing and good" -
> > the API the authentication module program has to follow is fairly
> > simple and streighforward and the program doesn't need to worry
> > about side effects, since it's separate from the program actually
> > trying to authenticate; the auth module program can also drop any
> > unnecessary permissions as needed. This means that the actual
> > program doing authentication (beeing it passwd, login or whatever)
> > doesn't need suid root for the authentication itself.
>Oh, this is actually quite nice -- it also means that all of the
>random programs don't have to support dynamic loading (doesn't work
>with statically-linked binaries).

	IIRC login.conf portion is freely redistributable under normal BSD
	license. (just like tcp/udp enhancement and many of other components)
	the problem is that usually the redistributable portion is on the CD,
	but don't worry, you'll just need to order 90-day eval license.

itojun