Subject: Re: Using __progname for PAM service names in pam_start()
To: None <tech-userlevel@netbsd.org>
From: Christos Zoulas <christos@astron.com>
List: tech-userlevel
Date: 06/13/2007 17:00:35
In article <20070613071928.GC27114@NetBSD.org>,
Emmanuel Dreyfus <manu@netbsd.org> wrote:
>Hello
>
>Currently, most of our PAM aware programs call pam_start with a hardcoded
>PAM service string. Here is an example:
>	pam_error = pam_start ("ppp", user, &PAM_conversation, &pamh);
>
>The notable exception is sshd, which uses __progname
># define SSHD_PAM_SERVICE            __progname
>	pam_start(SSHD_PAM_SERVICE, user, &store_conv, &sshpam_handle);
>
>The sshd approach allows more flexibility. For instance, I can create
>a second sshd running on another port:
>ln -s /usr/sbin/sshd /usr/local/sbin/sshd-local
>
>sshd-local will use /etc/pam.d/sshd-local while sshd uses /etc/pam.d/sshd.
>Such a setup is not possible with our other PAM aware programs.
>
>Does anyone see an objection to the system-wide replacement of the pam_start
>first argument (PAM service name) by __progname? I see only benefits here...
>
>Here are the candidates for the change:
>src/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c
>src/dist/pppd/pppd/auth.c
>src/lib/libtelnet/sra.c
>src/libexec/ftpd/ftpd.c
>src/libexec/rexecd/rexecd.c
>src/libexec/rshd/rshd.c
>src/usr.bin/login/login_pam.c
>src/usr.bin/passwd/pam_passwd.c
>src/usr.bin/su/su_pam.c
>xsrc/xfree/xc/programs/Xserver/os/utils.c
>xsrc/xfree/xc/programs/xdm/greeter/verify.c
>xsrc/xorg/app/xdm/greeter/verify.c
>xsrc/xorg/xserver/xorg/os/utils.c

It should be getprogname() and all such programs should call
setprogname() before using it. Unfortunately there is no way to
tell if a configuration file exists for such a service, so that you
can fall back to the "known" working config file, but since our
pam fails closed this is not an issue.

christos
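The per-program service lookup the thread proposes, as an added example that is not code from the thread or from NetBSD: it derives the service name the way setprogname()/getprogname() would from argv[0], maps it to the /etc/pam.d policy file that pam_start() would then consult, and adds a name check that is this example's own assumption (argv[0] is supplied by the parent process, so it is not trusted as a path). libpam is not linked; the pam_start() call itself is only shown in the output line.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Derive the PAM service name as the thread proposes: from the program
 * name, which setprogname()/getprogname() take from the last component
 * of argv[0]. The symlink sshd-local therefore yields "sshd-local". */
const char *service_from_argv0(const char *argv0)
{
    const char *slash = strrchr(argv0, '/');
    return slash ? slash + 1 : argv0;
}

/* argv[0] is chosen by whichever process exec()s the program, so a name
 * derived from it is kept to a plain file name: non-empty, not "." or
 * "..", and only characters a policy file name would use. This check is
 * the example's own addition, not something the thread proposes. */
int service_name_ok(const char *svc)
{
    if (svc == NULL || *svc == '\0' || !strcmp(svc, ".") || !strcmp(svc, ".."))
        return 0;
    for (const char *p = svc; *p != '\0'; p++)
        if (!isalnum((unsigned char)*p) && *p != '-' && *p != '_' && *p != '.')
            return 0;
    return 1;
}

/* Policy file under /etc/pam.d that pam_start(getprogname(), ...) would
 * consult. Returns 0 on success, -1 if the name is rejected or does not fit. */
int pam_policy_path(const char *argv0, char *buf, size_t buflen)
{
    const char *svc = service_from_argv0(argv0);
    if (!service_name_ok(svc))
        return -1;
    if (snprintf(buf, buflen, "/etc/pam.d/%s", svc) >= (int)buflen)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    /* Constructed sample: argv[0] of the sshd-local symlink from the thread. */
    const char *argv0 = argc > 1 ? argv[1] : "/usr/local/sbin/sshd-local";
    char path[256];
    if (pam_policy_path(argv0, path, sizeof path) != 0)
        return 1;
    printf("pam_start(\"%s\") -> %s\n", service_from_argv0(argv0), path);
    return 0;
}
```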