Subject: Re: PAM
To: Noriyuki Soda <soda@sra.co.jp>
From: Greg A. Woods <woods@weird.com>
List: current-users
Date: 08/27/2002 17:56:25
[ On Wednesday, August 28, 2002 at 00:52:46 (+0900), Noriyuki Soda wrote: ]
> Subject: Re: PAM
>
> - IMHO, it's less secure than PAM.

I don't know about that, but I do know PAM isn't secure enough for me,
not to mention that by design it requires this whole big insecure mess
of dlopen() support in everything that does anything even remotely
related to authentication and/or authorization.

> - PAM is standard.

"Standard"?  I don't think so.  It's common, but it's far from being a
real standard.  I wonder if the GNU/Linux implementation can even load
and use a binary Solaris plugin (assuming it's for the same target CPU).

>  We have to support it anyway.

I don't think so.

M$ Windoze applications are a similar kind of "standard" yet NetBSD
certainly doesn't need to include support for them.

-- 
								Greg A. Woods

+1 416 218-0098;            <g.a.woods@ieee.org>;           <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>