On Sat, Dec 29, 2001 at 01:21:02PM -0800, Bill Studenmund wrote:
> The fundamental point is that we want to be able to add locale support and
> new authentication schemes to all(*) programs, even ones in /bin and
> /sbin. We really need that to be able to move forward in a number of
> directions that I gather the majority of the project folks (including
> myself) want to move.

Say, I have a question. 

How terrible would it be to move authentication out of "all" programs and
into an "authentication program"? There could be an API of sorts to
communicate between the application and the authenticator.

To add new or different forms of authentication would therefore not
require dynamic linking, it would just require starting up a different
authenticator program. This authenticator could be a single process
running all the time or it could be a process that sends back a "yes"
or "no" (along with other data, as needed -- Kerberos tickets, for example).

Opinions?
-- 
Kevin P. Neal                                http://www.pobox.com/~kpn/
           On the community of supercomputer fans:
"But what we lack in size we make up for in eccentricity." 
  from Steve Gombosi, comp.sys.super, 31 Jul 2000 11:22:43 -0600