Subject: Re: "BSD Authentication"
To: Michael C. Richardson <mcr@sandelman.ottawa.on.ca>
From: None <seebs@plethora.net>
List: current-users
Date: 11/22/1998 17:12:55
In message <199811222213.RAA13999@istari.sandelman.ottawa.on.ca>, "Michael C. R
ichardson" writes:
>  I'd say one major difference is that PAM depends heavily on dynamic
>linking, while BSD authentication appears to work either internally, or
>deal with seperate, external programs. 

It uses external programs.  Thus, any plausible authentication style can
probably be done through BSD authentication.

>  Also, from seeing the external interface posted, I'd also suggestion that 
>BSD style is higher level, and we could easily accomodate PAM modules via
>a BSD2PAM program, but the reverse would be quite difficult.

I don't know for sure, but the BSD Auth scheme would meet my standards
for "high level".  As an example of how it works, in the BSD/OS
implementation, if you remove the standard login_token, and make a link
to login_radius named login_token, it uses a token-style authentication
over radius to a radius server...

BTW, what, if anything, does NetBSD currently do with 'login class'?  Is
that field as unused as the man pages imply?  If so, separate from the
question of BSD Authentication, I'd love to see the 'login.conf' mechanism
from BSD/OS used.  It's very, very, useful.

-s