Subject: Re: BSD Authentication
To: Michael G. Schabert <mikeride@mac.com>
From: Simon J. Gerraty <sjg@crufty.net>
List: current-users
Date: 09/08/2003 21:44:28
On Mon, 8 Sep 2003 13:26:00 -0400, "Michael G. Schabert" writes:
>Hmm, I'm quite curious by your comments here. This post of yours 
>sounds like it came from Greg A. Woods. You said very little in the 

Ouch ;-) it was a summary after all ;-)

>him...rather, ported not coded) within a few days' time. All of the 

I agree, Peter has been very helpful.  

>"I only want PAM" gallery are trying their best to not ALLOW him to 

I don't think there is a PAM only gallery.  I don't think I or anyone
else has said "no" to BSD Auth.  Just "no, please don't do it in a way
that precludes doing PAM as well" - then we get Greg trying to
redefine our needs/wants to show that we don't need/want what we say
we need/want ;-)  

Anyway, I think we are finally getting somehere so lets try not snatch
defeat from the jaws of ...

>My biggest question is...what's the problem with allowing BSD Auth?

Nothing.  It would have been very nice to not pepper login et all with
BSD Auth api calls - just as it would be nice not to peper them with
PAM calls.  Originally in this thread we were trying to get a handle
on the feaibility of avoiding that.  Of course there are the
inevitable side tracks (trying to prove that just by redesigning AFS
and the rest of the world - there's no need for what we thought we
wanted) but at this point it sounds like we're suck with peppering
them (login et al) with calls for both API's - yuck - but if you can't
avoid it, you can't.

For myself, I expect BSD Auth would do just fine - as would PAM.
I also expect that a login_pam would handle 90% of pam modules, just
as a pam_bsdauth.so would likely handle 90% of BSD Auth thingies - though
recently it sounds like there aren't many of those available anyway.
Not that that matters since it seems a simple shell script can suffice
in many cases.

--sjg