Subject: Re: login.conf for selecting password verification method (was Re: Kerberos is on by default?)
To: NetBSD Userlevel Technical Discussion List <tech-userlevel@NetBSD.ORG>
From: Greg A. Woods <email@example.com>
Date: 07/07/2000 23:43:50
[ On , July 4, 2000 at 10:47:04 (+0200), Johan Danielsson wrote: ]
> Subject: Re: login.conf for selecting password verification method (was Re: Kerberos is on by default?)
> firstname.lastname@example.org (Greg A. Woods) writes:
> > It's also important to note that PAM offers almost no useful
> > functionality when you already have source for everything.....
> By the same logic, nothing offers useful functionality in free
> software environments.
No, that's not true and is not an extension of the same logic....
As I understand it the primary purpose of PAM is to allow addition of
new authentication mechanisms to binary-only systems. This is not
necessary in an environment where not only do you have full source in an
easy-to-build and modify form, but you also already have full source to
most of the authentication mechanisms you could need or want.
I would say that both Linux and Solaris mostly qualify as binary-only
systems, but NetBSD does not. What's most interesting in this is that
BSDi, despite being offered as a mostly binary-only product does not use
PAM, reportedly because of the risks inherent in its design....
Greg A. Woods
+1 416 218-0098 VE3TCP <email@example.com> <robohack!woods>
Planix, Inc. <firstname.lastname@example.org>; Secrets of the Weird <email@example.com>