Subject: Re: PAM stinks
To: None <>
From: Thomas Michael Wanka <>
List: netbsd-advocacy
Date: 10/02/2001 07:45:42

On 1 Oct 2001, at 22:33, Miles Nordin wrote:
> > pam [is good because] mysql

A quote from this site: "If what you want is raw, fast storage, use a 
filesystem. If you want to share it among multiple boxes, use NFS. 
If you want simple reliability against simplistic failure, use mirroring. 
Want a SQL interface to it all? Use MySQL." 

The mentioned installation could have used a standard text user-
/passwordfile. There are other things I would not like (eg. single 
point of failure - if pam or the database failed no service was 
accessible). But IIRC pam works pretty nice there and that was the 
point. If I understood things right pam is there to let every 
imaginable service use any imaginable authentication sheme. It 
should be no problem to set up a fingerprint or chipcard reader to 
work with pam, and it should be less troublesome than implementing 
that without pam.