Subject: Re: BSD auth for NetBSD
To: Bill Studenmund <wrstuden@netbsd.org>
From: Greg A. Woods <woods@weird.com>
List: tech-security
Date: 09/11/2003 16:23:05
[ On Thursday, September 11, 2003 at 09:49:32 (-0700), Bill Studenmund wrote: ]
> Subject: Re: BSD auth for NetBSD
>
> Have you not been listening?

Very much so!

However I've not yet seen one shred of evidence which would show that
there could be any kind of problem with implementing PAM afterwards or
even with implementing PAM support via a BSD Auth proxy authenticator.

I.e. there's been no indication of any technically insurmountable
problem with the plan of implementing BSD Auth now as a direct
first-class component of NetBSD and then when someone comes along with
PAM code that works in that framework then it can be added at that time
if indeed there is any real call to implement PAM once BSD Auth has been
made available.

If PAM can be implemented as a dynamically loaded nsswitch dispatch
routine then so much the better, but as I'm sure you're aware there's
still need to extend the nsswitch internal and external APIs to include
authenticator hooks regardless as without them any runtime configurable
authentication framework remains un-associated with nsswitch and will
still require individual #ifdefs in all programs that initiate
authentication requests.

> Pushing and shoving will only make it less likely to happen.

I can only pull from this position.....  :-)

-- 
						Greg A. Woods

+1 416 218-0098                  VE3TCP            RoboHack <woods@robohack.ca>
Planix, Inc. <woods@planix.com>          Secrets of the Weird <woods@weird.com>