Subject: Re: PROPOSAL: making passwd pluggable (sort of)
To: Aidan Cully <aidan@kublai.com>
From: Peter Seebach <seebs@plethora.net>
List: tech-security
Date: 01/30/2000 12:58:01
Message-Id: <200001301858.MAA17571@guild.plethora.net>
cc: Assar Westerlund <assar@sics.se>, tech-userlevel@netbsd.org,
current-users@netbsd.org, tech-security@netbsd.org
In-reply-to: Your message of "Sun, 30 Jan 2000 13:41:07 EST."
<20000130134107.A8499@ozymandias.kublai.com>
Date: Sun, 30 Jan 2000 12:58:01 -0600
In message <20000130134107.A8499@ozymandias.kublai.com>, Aidan Cully writes:
>Because I don't want to open this can of worms? I've got no objection
>to going PAM wholesale, personally, but I seem to remember a massive
>flamefest last time this came up, and I don't want to be the person to
>make that decision.
Heh. It does tend to a flamefest.
The big reason: PAM does not allow a sysadmin to let a non-setuid program
validate logins or similar things that would require setuid privs to check.
I've been using BSD Authentication (the stuff that BSDI donated to the general
public as a usable auth scheme to use with login.conf), and I *love* it. Want
a login method that lets people log in only during business hours?
#!/bin/sh
# Allow logins only between 09:00 and 16:59.  Outside that window, tell the
# caller "reject" on file descriptor 3, the BSD Auth back channel.
case `date +%H` in
09|10|11|12|13|14|15|16)
	# Business hours: hand the real password check to login_passwd,
	# passing the arguments through unchanged ("$@", not $*, so they
	# are not re-split on whitespace).
	exec login_passwd "$@"
	;;
*)
	echo >&3 "reject"
	exit 1
	;;
esac
I may have botched this, since I'm pretty much doing it from memory, but
that's a pretty simple, user-friendly interface. Okay, you need to read
the docs to know that you write reject to &3.
-s
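An added example, not from Peter's message or from any BSD distribution: the same business-hours policy written as a complete login_* script, with the hour test and the verdict split into functions so the policy can be exercised without a tty, an open fd 3 or a real clock. It follows the BSD Authentication interface as documented in login.conf(5)/authenticate(3): the script is invoked as "login_style [-s service] [-v name=value] user [class]" and reports its result on file descriptor 3 with keywords such as "authorize" or "reject". The style name login_hours, the 09:00 to 16:59 window and the stderr message are this example's choices, not anything the thread specifies.

```shell
#!/bin/sh
# login_hours: BSD Auth style script that permits logins only during business
# hours and delegates the actual password check to login_passwd.  Example code
# written for this page; the style name and hours are assumptions.

BUSINESS_START=9     # first permitted hour (inclusive, 24h clock)
BUSINESS_END=16      # last permitted hour (inclusive): allows 09:00-16:59

# in_business_hours HH: succeed if HH (two digits, as printed by `date +%H`)
# falls inside the window.  Anything that is not two digits is rejected, so a
# broken or spoofed clock string fails closed.  ${1#0} strips one leading
# zero so "09" is compared as 9 rather than as an invalid octal constant.
in_business_hours() {
	case $1 in
		[0-9][0-9]) ;;
		*) return 1 ;;
	esac
	_h=${1#0}
	if [ "$_h" -ge "$BUSINESS_START" ] && [ "$_h" -le "$BUSINESS_END" ]; then
		return 0
	fi
	return 1
}

# decision HH: print "delegate" (hand the login to login_passwd) or "reject".
# Kept free of side effects so it can be tested on its own.
decision() {
	if in_business_hours "$1"; then
		echo delegate
	else
		echo reject
	fi
}

main() {
	case $(decision "$(date +%H)") in
		delegate)
			# Pass -s service, -v name=value, user and class through
			# untouched: "$@" keeps each argument intact, $* would
			# re-split them on whitespace.
			exec login_passwd "$@"
			;;
	esac
	# Outside the window.  The verdict must go on fd 3, which is the
	# channel the calling program reads; anything written to stdout or
	# stderr is not interpreted as part of the protocol.  The message
	# below is just for the person at the keyboard.
	echo "Logins are permitted only between ${BUSINESS_START}:00 and ${BUSINESS_END}:59." >&2
	echo reject >&3
	exit 1
}

# Only act as a login script when invoked with arguments, so the functions
# above can also be sourced or exercised by a test without touching fd 3.
if [ $# -gt 0 ]; then
	main "$@"
fi
```

Two practical notes. First, run by hand, `echo reject >&3` fails with "Bad file descriptor" because nothing has opened fd 3; to see the verdict on the terminal use something like `sh login_hours -s login someuser 3>&1`. Second, the script fails closed: a clock string that is not two digits is treated as outside business hours rather than as a reason to fall through to login_passwd.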