Greg A. Woods writes:

>There are much better solutinos to gain flexible authentication and
>authorisation support than to go down the road of pluggable modules.

And which are?  You could run a program for each authentication
method (or basically, user/group id resolution type) every time
and that might work for user logins but certainly not very well
for anything else (just imagine a halfway busy mail server which
might have dozens of such lookups per second.)

>What exactly do you think you need to dynamically, at run-time in a live
>system, change about the way your system does authentication?

That's the same argumentation as if you had to reboot to change
the nameserver, or rebuild the system to change the hostname etc.

--mkb