[ On Wednesday, March 17, 1999 at 22:08:02 (-0800), dustin sallings wrote: ]
> Subject: Re: Philosophy of PAM and rc.d
>
> 	I'm not sure about the flakiness parts, but even if the
> architecture does change, there is a *huge* gain simply by having the
> authentication pluggable.  I.e. I would like to make some my systems use
> RADIUS (or LDAP) for authentication.  The only thing that's stopped me in
> the past is the amount of pain it would take to get all of the little
> details working.

I personally don't at all like the idea of having "pluggable"
authentication or authorization modules.  It scares the willies out of
me.  /etc/nsswitch.conf is more than flexible enough, even if it's not
100% fleshed out with fancy things like RADIUS and LDAP yet.  At least
with nsswitch I have a 100% guaranteed single place to disable all the
risky schemes and force everything to use local files, etc.

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>