Subject: Re: BSD auth for NetBSD
To: NetBSD Security Technical Discussion List <tech-security@NetBSD.ORG>
From: Bill Studenmund <wrstuden@netbsd.org>
List: tech-userlevel
Date: 09/14/2003 20:53:40
On Sun, 14 Sep 2003, Greg A. Woods wrote:
> [ On Sunday, September 14, 2003 at 10:52:25 (-0700), Jason Thorpe wrote: ]
> > Subject: Re: BSD auth for NetBSD
> > One of the major features of using PAM is API compatibility with
> > PAM-using applications (of which there are many, especially compared to
> > BSD Auth).
>
> That answer simply does not have anything whatsoever to do with my
> original statement.
>
> In fact on the contrary you are now simply confirming the reason for
> using a shim or wrapper API, especially a two-way one as I suggested, in
> the first place -- i.e. an API which includes both BSD Auth client
> functions and PAM client functions and which can be configured (at
> runtime or at compile time) to call either framework out the back end.
> Such a shim or wrapper API actually makes it better for everyone since
> with any application would use either framework without (as much)
> porting effort regardless of which client API it might support best
> natively.
I started to look at such a shim API, but have not gotten very far. It
looks like just using PAM and having a BSD Auth using module ship in the
base system would be the best way to go.
Take care,
Bill