Subject: Re: Pluggable authentication - PAM/BSD Auth
To: Peter Seebach <seebs@plethora.net>
From: Jaromír Dolecek <dolecek@ibis.cz>
List: current-users
Date: 11/10/2000 21:05:18
Peter Seebach wrote:
> BSD Authentication uses a set of libc functions that pass authentication
> requests off to programs with names like /usr/libexec/login_passwd or
> /usr/libexec/login_radius.  There's a spec for how the programs are
> written; the useful thing is you can write a trivial and correct program
> for "do passwd auth, but reject outside of business hours" in about 10 lines
> of shell.

Neat :) I like the idea of separate program for doing the authentication and
I like that this doesn't require the caller to load the authentication
as shared object. Separate process, no way to cause side-effects
in the caller process.
I think the BSD Authentication is the right thing to use.

It would probably be good if we use PAM API where possible, though.
The PAM API to use would probably be primarily compatible with FreeBSD,
Linux and Solaris (not necessarily in this order).

Jaromir
-- 
Jaromir Dolecek <jdolecek@NetBSD.org>      http://www.ics.muni.cz/~dolecek/
@@@@  Wanna a real operating system ? Go and get NetBSD, damn!  @@@@