Subject: Re: login.conf for selecting password verification method (was Re: Kerberos is on by default?)
To: Michael Richardson <mcr@sandelman.ottawa.on.ca>
From: Oleg Polyanski <luke@jetinf.com>
List: tech-userlevel
Date: 07/11/2000 13:36:46
Michael Richardson <mcr@sandelman.ottawa.on.ca> writes:

>     >> You stated that PAM doesn't add any functionality as long as you have
>     >> source to the OS. I said it did. It's not the only way to add that
>     >> functionality, but that's not the question either.
> 
>     Eduardo> PAM requires dynamic linking.  Not all ports support dynamic linking.  We
>     Eduardo> cannot use PAM.
> 
>   And on those ports that do support dynamic linking, a lot of us do not
> want to use it. In fact, this is my number 1 reason to install NetBSD/i386
> instead of Linux for a firewall or web server. 

        When software has a `buffer overflow' problem (either stack or heap
        overflow), static linking will not help you; it's just another kind of
        security through obscurity.

>   PAM *requires* dynamic linking. It simply does not support statically
> linking-only on any system that I've seen. I *WANT* to rebuild from source.
>   I'd still like it to be as simple as possible, and having external programs
> (a la login.conf) to me is the best way... and one can an external
> authenticator that can load pam modules, so this can be a win-win situation.
> 
>    :!mcr!:            |  Solidum Systems Corporation, http://www.solidum.com
>    Michael Richardson |      ... somewhere in SFO airport ...
>  Personal: mcr@sandelman.ottawa.on.ca. PGP key available.
>  Corporate: mcr@solidum.com.