>> Now.... throw nsswitch.conf into the mix and it probably starts to
>> get ugly.  Though apps that use nsswitch.conf would likely fit 
>> better with the PAM model - since they are already doing shared 
>> objects?

>I have no shared objects on my systems which use nsswitch.conf.

Woopie.

>Meanwhile if you admit that all the things which it is claimed only PAM

Of course I don't admit that - I've seen no evidence that it can.
Certainly not from you - simply dismissing things you don't want/like
as being irrelevant or broken etc.

Show me how to implement template users with BSD Auth.
The requirement:

login, sshd or whatever, collect username/password hand off to radius or 
tacplus (or whatever) and get back and OK as well as the name of an account
that actually exists in /etc/passwd that should be used (since username
does not exist outside of the radius server).

Oh, and whether _you_ have any need for that functionaility isn't relevant.
No one is asking you to use it - just explain how BSD Auth can handle it.
Some of us would like to keep this a useful discussion.

And finally yes, its a real world requirement - ask anyone who 
manages more than a few hundred routers.

--sjg