A PAM model would probably be better than a BSD model, unless, as
someone suggested, one could do both, using the BSD model to implement a
PAM model.  I would vote for PAM for the following reasons:

1.  Complies with the standard used by many other UNIx and UNIX-like
vendors.  (rule of least astonishment.)

2.  Configuration files could conceivably be copied, or trivially modified
to run under NetBSD and other platforms, making it easier to support such
NetBSD.  

3.  With the NetBSD binary compatibility mode already in full swing for a
variety of *nix OS's, including Solaris, Linux and FreeBSD, PAM modules
which came in binary packages could run alongside other PAM modules which
were native to NetBSD with the same configuration files controlling all of
them.

4.  An actual use might be integrated AFS login.  We currently run a
modified login program to get integrated user and AFS privileges, but under
our Solaris environment, we do this with standard OS binaries and PAM
modules.
-Brian
On Nov 23,  2:38pm, Ted Lemon wrote:
} Subject: Re: "BSD Authentication"
} 
} > >	- Do we need this functionality at all?
} > 
} > Probably not, but it might make new authentication styles a lot easier.
} 
} If the answer is really "probably not," then we don't need to discuss
} this any further.
} 
} > >	- What are the strengths of PAM?
} > >	- What are the strengths of the BSD code?
} > >	- Of these, which are relevant to us?
} > 
} > That's one that can be argued only by people who've used both.
} 
} Au contraire - the idea is that people who've used PAM can say what
} its strengths are (i.e., what it does for them) and people who've used
} the BSD/os code can do likewise.   Then, given that we have a
} statement of purpose (why we are integrating this code), we can see
} how PAM and the BSD/os code measure up to the statement of purpose,
} and based on that we can decide what to do.
} 
} > I think one of the main uses would be larger networks which want to do more
} > significant authentication services.  The ability to drop in wrappers on
} > schemes is very nice.  I'm not sure how PAM does that.  Does anyone know
} > how, using PAM, you'd generate a scheme which was {in business hours,
} > use this other scheme, otherwise, reject}?
} 
} This is very abstract.   Can you say how you, specifically, would use
} it, or how somebody you specifically know would use it?   I really
} think you should be able to answer the question "what are you going to
} do with this" with a clear, specific answer before you can claim that
} it should be integrated.
} 
} > One other thing I've noticed is that I think either can be used to implement
} > the other.  So, we might do both, just from a "make things easy for lots of
} > admins" standpoint.
} 
} Historically this hasn't been how we've operated.
} 
} > I like the fact that BSD Authentication can allow non-setuid programs to
} > perform authentication checks that need root privs.  I also like the fact
} > that catastrophic failures in authentication schemes have no effect on the
} > program running them.
} 
} On the other hand, this makes seamless trojan horses a lot easier to
} write.   WRT authentication in particular, making things possible that
} weren't previously possible isn't *necessarily* a good thing.   This
} isn't a path on which we should embark lightly.
} 
} 			       _MelloN_
>-- End of excerpt from Ted Lemon