On Thu, 23 Jan 2003, Dan Melomedman wrote:

[DM: > >You don't understand. I want to avoid using PAM alltogether. I want to
[DM: > >use better mechanisms, like checkpassword or BSD Auth _without_ PAM.
[DM: > >Period.
[DM: >

[KH: > I understand that's what you want .... but what you haven't really
[KH: > explained is why.  I mean, a PAM module that implements BSD Auth will
[KH: > work for apps that today make PAM calls.  If you have your own code
[KH: > that you want to convert, just make it do BSD Auth.  What, exactly, is
[KH: > the problem?  As far as I can tell, it basically boils down to
[KH: > "Applications that call PAM functions really chap my ass".


[DM: What it boils down to is the PAM library will be linked into every
[DM: relevant executable in NetBSD, forcing people to work around this if
[DM: they don't want it.

I'm with Dan on this.  I don't want PAM as a required authentication layer
underneath BSD Auth.  I do not intend to run PAM if I can in any way,
shape or form avoid doing so.  But I would be sorely disappointed if it
was not pluggable/unpluggable without a great deal of effort.

				--*greywolf;
--
NetBSD: Feed The Computer.