Subject: Re: login.conf for selecting password verification method (was Re: Kerberos is on by default?)
To: NetBSD Userlevel Technical Discussion List <tech-userlevel@NetBSD.ORG>
From: Greg A. Woods <firstname.lastname@example.org>
Date: 07/07/2000 23:43:50
[ On , July 4, 2000 at 10:47:04 (+0200), Johan Danielsson wrote: ]
> Subject: Re: login.conf for selecting password verification method (was Re: Kerberos is on by default?)
> email@example.com (Greg A. Woods) writes:
> > It's also important to note that PAM offers almost no useful
> > functionality when you already have source for everything.....
> By the same logic, nothing offers useful functionality in free
> software environments.
No, that's not true and is not an extension of the same logic....
As I understand it the primary purpose of PAM is to allow addition of
new authentication mechanisms to binary-only systems. This is not
necessary in an environment where not only do you have full source in an
easy-to-build and modify form, but you also already have full source to
most of the authentication mechanisms you could need or want.
I would say that both Linux and Solaris mostly qualify as binary-only
systems, but NetBSD does not. What's most interesting in this is that
BSDi, despite being offered as a mostly binary-only product does not use
PAM, reportedly because of the risks inherent in its design....
Greg A. Woods
+1 416 218-0098 VE3TCP <firstname.lastname@example.org> <robohack!woods>
Planix, Inc. <email@example.com>; Secrets of the Weird <firstname.lastname@example.org>