Subject: Re: Philosophy of PAM and rc.d
To: None <current-users@netbsd.org>
From: Greg A. Woods <woods@most.weird.com>
List: current-users
Date: 03/18/1999 01:34:33
[ On Wednesday, March 17, 1999 at 22:08:02 (-0800), dustin sallings wrote: ]
> Subject: Re: Philosophy of PAM and rc.d
>
> I'm not sure about the flakiness parts, but even if the
> architecture does change, there is a *huge* gain simply by having the
> authentication pluggable. I.e. I would like to make some my systems use
> RADIUS (or LDAP) for authentication. The only thing that's stopped me in
> the past is the amount of pain it would take to get all of the little
> details working.
I personally don't at all like the idea of having "pluggable"
authentication or authorization modules. It scares the willies out of
me. /etc/nsswitch.conf is more than flexible enough, even if it's not
100% fleshed out with fancy things like RADIUS and LDAP yet. At least
with nsswitch I have a 100% guaranteed single place to disable all the
risky schemes and force everything to use local files, etc.
--
Greg A. Woods
+1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>