On Fri, 4 Jan 2002, John Nemeth wrote:

> On Apr 16,  6:01am, Todd Vierling wrote:
> }
> } Perhaps the question should be rephrased as, "do we *need* the ability for
> } init to have external auth methods, and so forth?"  If not, then init can
> } stay static without pain.
>
>      In order to answer that question, you need to ask when and why
> does init need to be able to authenticate people.  The answer is that
> it asks for the root password when entering single user mode on an
> insecure console.  This is usually done immediately after boot.  At
> this point in time, there is normally no networking (with the possible
> exception of diskless boots), and there are no other processes
> running.  This means that you can't access distributed password
> databases on other systems and there won't be any server processes for
> local NIS/NIS+/LDAP/Hesiod/etc. databases.  In other words,
> realistically, at the point in time when init wants to do
> authentication, the only method available will be local file.

I agree that distributed options won't be available right after boot, but
that doesn't mean that module-based authenticators won't work. :-) I'm
thinking of a card-based authenticator, like I think smartcard type
things (where you type in a pin and the number from the card).

While I agree the need for such things won't be common, the places where
they will be needed will probably have a hard requirement. So if we can,
being able to add modules to an otherwise static init would be nice.

Take care,

Bill