Subject: Re: PAM stinks
To: None <>
From: Miles Nordin <carton@Ivy.NET>
List: netbsd-advocacy
Date: 10/02/2001 19:54:15
> The mentioned installation could have used a standard text user-
> /passwordfile.

Or, a standard db(3) file, even.

As for thumbprints,

Question 1:  How will PAM allow login(1) to use biometrics, say a 
             retinal scanner, as part of authentication, by changing 
             code in only one place?

Now that you've answered Question 1, let's move on.

Question 2:  How will changing code in this one spot allow the retinal 
             scanner to automatically work with POP3?  How about netatalk?

Question 3:  Okay, maybe I was being overly-ambitious.  But, at least you 
             got the retinal scanner working with login(1), thanks to PAM.  
             Now, how about, when login(1) is invoked by telnetd instead 
             of getty?

Like I said, PAM solves an ill-posed problem, and is therefore a 
fundamentally broken architecture.