Subject: Re: login.conf for selecting password verification method (was Re: Kerberos is on by default?)
To: None <tech-userlevel@netbsd.org>
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
List: tech-userlevel
Date: 07/03/2000 07:09:02
>>>>> "Giles" == Giles Lean <giles@nemeton.com.au> writes:
    Giles> PAM is currently used by HP-UX, Linux, Solaris, and probably more
    Giles> systems that I don't know about.  I don't think a "big worry" is
    Giles> necessary for PAM merely on the grounds that it uses dynamically
    Giles> loaded modules.

  It is to me. It isn't just security, it is also reliability.

  It means that it is both another set of binaries that must be "protected"
and more importantly, it means a set of files that must all be kept
synchronized during system upgrades.

  Linux and Solaris do not let you build a true static binary (they always
dynamically load PAM, nsswitch/libresolv) which makes it hard to build binaries
for emergency maintenance.

] Planes have DC now, but not this one. Trains have more power. |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [