Subject: Using __progname for PAM service names in pam_start()
To: None <tech-userlevel@netbsd.org>
From: Emmanuel Dreyfus <manu@netbsd.org>
List: tech-userlevel
Date: 06/13/2007 07:19:28
Hello

Currently, most of our PAM-aware programs call pam_start with a hardcoded
PAM service string. Here is an example:
	pam_error = pam_start ("ppp", user, &PAM_conversation, &pamh);

The notable exception is sshd, which uses __progname:
# define SSHD_PAM_SERVICE            __progname
	pam_start(SSHD_PAM_SERVICE, user, &store_conv, &sshpam_handle);

The sshd approach allows more flexibility. For instance, I can create
a second sshd running on another port:
	ln -s /usr/sbin/sshd /usr/local/sbin/sshd-local

sshd-local will use /etc/pam.d/sshd-local while sshd uses /etc/pam.d/sshd.
Such a setup is not possible with our other PAM-aware programs.

Does anyone see an objection to the system-wide replacement of the pam_start
first argument (PAM service name) by __progname? I see only benefits here...

Here are the candidates for the change:
src/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c
src/dist/pppd/pppd/auth.c
src/lib/libtelnet/sra.c
src/libexec/ftpd/ftpd.c
src/libexec/rexecd/rexecd.c
src/libexec/rshd/rshd.c
src/usr.bin/login/login_pam.c
src/usr.bin/passwd/pam_passwd.c
src/usr.bin/su/su_pam.c
xsrc/xfree/xc/programs/Xserver/os/utils.c
xsrc/xfree/xc/programs/xdm/greeter/verify.c
xsrc/xorg/app/xdm/greeter/verify.c
xsrc/xorg/xserver/xorg/os/utils.c


-- 
Emmanuel Dreyfus
manu@netbsd.org
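
[Added example, not part of the original message and not NetBSD code.] __progname is derived from argv[0], which the invoking process sets, so a program that passes it straight to pam_start() lets its caller pick the policy file. The hypothetical helper pam_service_name() below keeps the sshd-local style of flexibility while bounding it: it accepts only the compiled-in name or "<base>-<suffix>" with a restricted character set (the naming rule and the 64-byte limit are assumptions of this example).

```c
#include <stdio.h>
#include <string.h>

#define PAM_SVC_MAX 64	/* constructed length limit for this example */

/* Return 1 if s is 1..PAM_SVC_MAX bytes of [A-Za-z0-9_-]: no '/', no '.'. */
static int
svc_chars_ok(const char *s)
{
	size_t n = strlen(s);

	if (n == 0 || n > PAM_SVC_MAX)
		return 0;
	return strspn(s, "abcdefghijklmnopqrstuvwxyz"
	    "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-") == n;
}

/*
 * Hypothetical helper: choose the PAM service name for a program whose
 * compiled-in service is `base` (e.g. "sshd").  `progname` is the
 * argv[0]-derived name (__progname), which the caller of exec controls.
 * It is accepted only as "<base>-<suffix>", so a symlinked binary can
 * select /etc/pam.d/<base>-<suffix> but never the policy of an unrelated
 * service.  Every other value, including `base` itself, yields `base`.
 */
const char *
pam_service_name(const char *progname, const char *base)
{
	size_t blen = strlen(base);

	if (progname == NULL || !svc_chars_ok(progname))
		return base;
	if (strncmp(progname, base, blen) == 0 &&
	    progname[blen] == '-' && progname[blen + 1] != '\0')
		return progname;
	return base;
}

int
main(int argc, char **argv)
{
	/* basename of argv[0], standing in for __progname portably */
	const char *p = argc > 0 && argv[0] ? argv[0] : "";
	const char *slash = strrchr(p, '/');

	printf("%s\n", pam_service_name(slash ? slash + 1 : p, "sshd"));
	return 0;
}
```

The result would be passed as the first argument of pam_start() in place of the bare __progname.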