Subject: Re: BSD Authentication
To: None <current-users@NetBSD.org>
From: Peter Seebach <seebs@plethora.net>
List: current-users
Date: 09/08/2003 13:06:25
In message <200309081738.h88Hchb16200@srapc342.sra.co.jp>, Noriyuki Soda writes:
>Yeah. But default installation requires 6 more setuid root programs
>with BSD auth. So, your objection sounds not practical, but just
>theoretical for me.

I think in practice it's a very good practical objection.  With PAM, every
new screen saver needs to be setuid root, because there's no other way it
can possibly have all the privileges it needs.  With BSD Auth, it's easy
for us to make several of those programs setgid or no-special-privs, and
the *calling* programs don't need any privileges at all.

The option of giving calling programs only those permissions they need to
perform their function, rather than every permission they could possibly need
to run an authenticator, is a HUGE feature from a security standpoint.  If
I want to write a little dongle that just locks my terminal, it can run with
just *my* privileges, no matter what the authentication scheme is.

-s