Subject: Re: login.conf for selecting password verification method (was Re: Kerberos is on by default?)
To: =?iso-8859-1?Q?Jarom=EDr_Dole=E8ek?= <dolecek@ibis.cz>
From: Jason R Thorpe <thorpej@zembu.com>
List: tech-userlevel
Date: 06/30/2000 16:47:42
On Sat, Jul 01, 2000 at 01:34:27AM +0200, Jaromír Doleček wrote:
> IIRC the advantage of BSDi auth modules - since it's separate
> program, you get the unixish "program does one thing and good" -
> the API the authentication module program has to follow is fairly
> simple and streighforward and the program doesn't need to worry
> about side effects, since it's separate from the program actually
> trying to authenticate; the auth module program can also drop any
> unnecessary permissions as needed. This means that the actual
> program doing authentication (beeing it passwd, login or whatever)
> doesn't need suid root for the authentication itself.
Oh, this is actually quite nice -- it also means that all of the
random programs don't have to support dynamic loading (doesn't work
with statically-linked binaries).
--
-- Jason R. Thorpe <thorpej@zembu.com>