Subject: Re: BSD Authentication
To: Noriyuki Soda <soda@sra.co.jp>
From: Peter Seebach <seebs@plethora.net>
List: current-users
Date: 09/08/2003 13:00:14
In message <200309081634.h88GYH514983@srapc342.sra.co.jp>, Noriyuki Soda writes:
>Anyways, PAM can reduce the number of setuid programs more than BSD auth.
>(If we provide one setuid wrapper for programs like xlock).
>Because PAM itself doesn't need any privilege promotion like BSD auth.

Er, but in PAM, every program which *uses* authentication must have
privileges.  BSD Auth can have xlock running entirely free of any kind of
privileges.

>Anyway, the reason I prefer PAM is simple.
>1. We need PAM anyway, for compatibility with other UNIX.
>2. If we implement PAM over BSD auth, some third party PAM modules
>  may stop working, because some PAM modules may require the feature
>  that they can change the state of the caller process.
>3. Thus, we have to implement PAM as a basic feature (and implement
>  BSD auth over PAM, if BSD auth compatibility is needed), instead
>  of vice versa.

But you *can't* implement BSD auth over PAM.

So, we need to implement both.

-s
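An added illustration of the two privilege models the thread is arguing about; this is example code written for this page, not code from either author, from NetBSD, PAM or any BSD Authentication implementation. The function names (`bsd_auth_style`, `pam_style`, `_load_secrets`), the one-byte verdict protocol and the credential store are all constructed stand-ins. In the BSD auth style the caller stays unprivileged and only a separate process (the real systems use a setuid helper) ever reads the credential store; in the PAM style the module code and the credential read happen inside the caller, so the caller must carry the privilege, and the module can reach into the caller's own state.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a protected credential store (e.g. a shadow file).
# Real systems use a proper password hash such as bcrypt; sha256 is only for brevity.
_STORE = {"alice": hashlib.sha256(b"correct horse").hexdigest()}


def _load_secrets():
    """Read the credential store. Whoever calls this needs the privilege to read it."""
    return dict(_STORE)


def _verify(secrets, user, password):
    expected = secrets.get(user)
    if expected is None:
        return False
    supplied = hashlib.sha256(password.encode()).hexdigest()
    return hmac.compare_digest(expected, supplied)


def bsd_auth_style(user, password):
    """BSD-auth model: authentication runs in a separate process.

    The caller never loads the secrets; it only reads a one-byte verdict
    from a pipe. The caller process itself can therefore run unprivileged
    (the thread's xlock example), and the authenticator cannot touch the
    caller's address space or process state.
    """
    rfd, wfd = os.pipe()
    pid = os.fork()
    if pid == 0:
        # Child: the "authenticator". This is the only place secrets are read.
        os.close(rfd)
        secrets = _load_secrets()
        verdict = b"1" if _verify(secrets, user, password) else b"0"
        os.write(wfd, verdict)
        os.close(wfd)
        os._exit(0)
    # Parent: the unprivileged caller.
    os.close(wfd)
    verdict = os.read(rfd, 1)
    os.close(rfd)
    os.waitpid(pid, 0)
    return verdict == b"1"


def pam_style(user, password, caller_state):
    """PAM model: the module runs inside the calling process.

    The credential store is read in the caller's own process, so the
    caller needs that privilege. The module also holds the caller's state
    (here a dict standing in for environment/credentials) and may change
    it, which is the capability Soda notes some third-party modules rely on.
    """
    secrets = _load_secrets()
    ok = _verify(secrets, user, password)
    if ok:
        caller_state["env"]["AUTH_USER"] = user  # module altering caller state
    return ok


if __name__ == "__main__":
    state = {"env": {}}
    print("bsd auth:", bsd_auth_style("alice", "correct horse"))
    print("pam:", pam_style("alice", "correct horse", state), state)
```

Run it as a script to see both paths succeed for the constructed user; the difference to notice is which process calls `_load_secrets` and which one ends up with a modified `caller_state`.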