Subject: Re: PROPOSAL: making passwd pluggable (sort of)
To: None <tech-userlevel@netbsd.org, current-users@netbsd.org,>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: current-users
Date: 01/30/2000 22:30:05
On Sun, Jan 30, 2000 at 07:31:31PM +0100, Assar Westerlund wrote:
> Aidan Cully <aidan@kublai.com> writes:
> > Instead, I'd like to attempt to make passwd more pluggable, by defining
> > an array of passwd-module structures.
> 
> Have you thought about using an existing solution for this problem,
> like PAM?  And if you think that PAM is not a good solution, why not?

I thought about that -- in fact, I decided to do it.  But as a sanity
check, before I wrote the code, I tried _using_ a system with PAM for
a few days.  I was... not pleased... with some of the practical
consequences of the design, which I had not thought through adequately
before that point.  The largest, ugliest one was that you basically can't 
do authentication if you're not willing to expose yourself to dynamic 
loading of arbitrary code based on the contents of a configuration file.

I don't want garbage like that in the critical security path of, for
example, my embedded firewalls.  And I *certainly* don't want to have
to dynamically link things like login or passwd, which would be
required in order to get the necessary dynamic loading on some ports...

-- 
Thor Lancelot Simon	                                      tls@rek.tjls.com
	"And where do all these highways go, now that we are free?"