current-users: Re: BSD Authentication

Subject: Re: BSD Authentication
To: Peter Seebach <seebs@plethora.net>
From: John Nemeth <jnemeth@victoria.tc.ca>
List: current-users
Date: 08/28/2003 01:27:37
On Jan 15, 12:31pm, Peter Seebach wrote:
} In message <20030825225112.1797D82@coconut.itojun.org>, itojun@iijlab.net writes:
} >>1.  Does anyone have BSD Auth working on NetBSD?
} >>2.  Does anyone plan to?
} >>
} >>I'm interested in this, just because it's one of my favorite features ever.
} >
} >	every time i raise this question, i get attacked by pro-PAM people.
} 
} Well, let's try another option.
} 
} I want BSD auth.

     The reasons I want PAM are twofold.  The first is because of the
ability to have "template users."  I did a "kiosk" project, which would
have been very difficult to do without it.

     The second is that PAM is becoming ubiquitous.  Most OSes have it
now, i.e. Solaris, HP/UX, FreeBSD, Linux, etc., and most third party
apps that need to do authentication can use it.  There are also lots of
third party PAM modules.

     Like it or not, PAM is rapidly becoming a requirement to be
considered a serious OS.  There is a standards document for it.  One
can argue all they want about the legitimacy of the standards body that
produced it, but you can't deny that the document exists.  One can also
argue about the design and/or security of it, but those arguments
aren't relevant when compared against the ubiquity of PAM.  Of course,
we all know of other things in the OS to which the same arguments apply
that we don't dare remove, i.e. NFS.  NFS started out as a proprietary
Sun feature (hmm, come to think of it, Sun also invented PAM), which
others in the industry picked up.  It quickly grew to the point where
it was a must have feature.  I see PAM taking the same course.  People
can argue about it all they want, but I believe the day is rapidly
coming where it will be a requirement for an OS to have PAM if it wants
to remain in the game.

} Does anyone have a strong objection to including it in the system?  I could
} write it from the spec in a day or two.

     Having said the above, I have no complaints to BSD auth being
added to the system as long as it doesn't interfere with PAM being
added.

}-- End of excerpt from Peter Seebach