In message <Pine.NEB.4.53.0309062138480.1055@rivendell.starwolf.com>, Greywolf 
writes:
>Surely one of (PAM_AUTH||BSD_AUTH) can handle the local lookup part as well?

It could, but people may not want *either* method - giving them an ironclad
guarantee that the resulting executable will not be spoofed by later changes
to the authentication code.

-s