by redmail.netbsd.org with SMTP; 30 Jan 2000 18:41:22 -0000
	id 18DE526BE; Sun, 30 Jan 2000 13:41:07 -0500 (EST)
Date: Sun, 30 Jan 2000 13:41:07 -0500
From: Aidan Cully <aidan@kublai.com>
To: Assar Westerlund <assar@sics.se>
Cc: tech-userlevel@netbsd.org, current-users@netbsd.org,
	tech-security@netbsd.org
Subject: Re: PROPOSAL: making passwd pluggable (sort of)
Message-ID: <20000130134107.A8499@ozymandias.kublai.com>
References: <20000130122641.A8134@xanadu.kublai.com> <5lsnzfwgvw.fsf@assaris.sics.se>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
User-Agent: Mutt/1.1.1i
In-Reply-To: <5lsnzfwgvw.fsf@assaris.sics.se>; from assar@sics.se on Sun, Jan 30, 2000 at 07:31:31PM +0100

On Sun, Jan 30, 2000 at 07:31:31PM +0100, Assar Westerlund wrote:
> Aidan Cully <aidan@kublai.com> writes:
> > Instead, I'd like to attempt to make passwd more pluggable, by defining
> > an array of passwd-module structures.
> 
> Have you thought about using an existing solution for this problem,
> like PAM?  And if you think that PAM is not a good solution, why not?

Because I don't want to open this can of worms?  I've got no objection
to going PAM wholesale, personally, but I seem to remember a massive
flamefest last time this came up, and I don't want to be the person to
make that decision.

What I've tried to make possible, though, is a PAM element in the
pw_modules list, which should allow us to maintain pretty good
backwards compatibility, should we ever add either PAM or some
login.conf related passwd changer.

--aidan