[ On Saturday, July 1, 2000 at 07:39:56 (+1000), Giles Lean wrote: ]
> Subject: Re: login.conf for selecting password verification method (was Re: Kerberos is on by default?) 
>
> Increasing complexity is generally frowned upon from the security
> point of view.  PAM is more complex than "traditional" authentication
> mechanisms such as NetBSD has currently, and the tradeoff is that it
> offers new and to some sites useful functionality.
> 
> PAM is currently used by HP-UX, Linux, Solaris, and probably more
> systems that I don't know about.  I don't think a "big worry" is
> necessary for PAM merely on the grounds that it uses dynamically
> loaded modules.

Well given all the other security risks inherent in running in a
dynamically loaded environment, especially with loadable kernel modules,
the additional risks inhernent in dynamically loading your
authentication code are not that much higher.

Personally I'd always pick statically linked environments every time
for security sensitive situations even if it wastes a bit more disk and
RAM....

It's also important to note that PAM offers almost no useful
functionality when you already have source for everything.....

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>