On Sun, 22 Nov 1998 seebs@plethora.net wrote:

: >Pluggable Authentication Modules.  Provides for a dlopen()ed set of
: >libraries that can allow authentication for user ID's via any mechanism
: >(/etc/passwd, YP, Kerberos, RSA, SQL, ...).  The difference, from what I can
: >see of this minor discussion, is that PAM allows authentication for anything
: >from Web servers to interactive logins to POP3 servers.  Its use is not
: >restricted to login(1).
: 
: Anything that wanted to do authentication could use the libc hooks; for
: instance, on BSD/OS, you can set up radiusd to use any of the authentication
: methods, ftpd to use other ones, and so on...

I suppose I misunderstood somewhat - I was thinking that login_whatever(1)
was a program chosen by login(1) to be exec()d in its place.  In that case,
it sounds as if these are servers for a particular type of database.

PAM is similar, but doesn't require communication with a server (or
"middleman server", in the case of things like YP or SQL or radius).  The
code is run in the space of the process doing authentication, via a shlib.

-- 
-- Todd Vierling (Personal tv@pobox.com; Bus. todd_vierling@xn.xerox.com)