Subject: Re: "BSD Authentication"
To: Chris G. Demetriou <cgd@netbsd.org>
From: David Holland <dholland@cs.toronto.edu>
List: current-users
Date: 11/23/1998 18:31:10
 > [ oh damn, the sarcasm's escaped again... ]
 >
 > > Screen savers shouldn't be doing authentication checks. Remember
 > > lock(1)? It would ask you for a passphrase before locking. xlock 
 > > should be exactly the same way.
 > 
 > and by all means, we should frame our solutions based around how we
 > think the world should work, not existing practice.

:-p

 > Like it or not, programs which do the 'wrong' thing exist.  People
 > will be upset and annoyed if they don't work right.  Providing a
 > Better Solution(TM) that doesn't address the needs of existing
 > software that people want to use is simply not worthwhile.

On the other hand, in the security system, choosing an inferior
solution is a serious matter that should not be taken lightly.

I mean, there are also programs that try to install setuid root csh
scripts. I hope nobody wants to argue that the restriction on this
should be lifted.

Things like xlock would have to be modified to use the new APIs anyway
(although for PAM this may have been done already), so whether they
work out of the box is really a moot question.

-- 
   - David A. Holland             | (please continue to send non-list mail to
     dholland@cs.utoronto.ca      | dholland@hcs.harvard.edu. yes, I moved.)