Subject: Re: login.conf for selecting password verification method (was Re: Kerberos is on by default?)
To: NetBSD Userlevel Technical Discussion List <tech-userlevel@NetBSD.ORG>
From: Greg A. Woods <woods@weird.com>
List: tech-userlevel
Date: 07/07/2000 23:43:50
[ On , July 4, 2000 at 10:47:04 (+0200), Johan Danielsson wrote: ]
> Subject: Re: login.conf for selecting password verification method (was Re: Kerberos is on by default?)
>
> woods@weird.com (Greg A. Woods) writes:
>
> > It's also important to note that PAM offers almost no useful
> > functionality when you already have source for everything.....
>
> By the same logic, nothing offers useful functionality in free
> software environments.
No, that's not true and is not an extension of the same logic....
As I understand it the primary purpose of PAM is to allow addition of
new authentication mechanisms to binary-only systems. This is not
necessary in an environment where not only do you have full source in an
easy-to-build and modify form, but you also already have full source to
most of the authentication mechanisms you could need or want.
I would say that both Linux and Solaris mostly qualify as binary-only
systems, but NetBSD does not. What's most interesting in this is that
BSDi, despite being offered as a mostly binary-only product does not use
PAM, reportedly because of the risks inherent in its design....
--
Greg A. Woods
+1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>