Subject: Re: PAM stinks
To: None <netbsd-advocacy@netbsd.org>
From: Thomas Michael Wanka <Tom@Wanka.at>
List: netbsd-advocacy
Date: 10/02/2001 07:45:42
Hi,
On 1 Oct 2001, at 22:33, Miles Nordin wrote:
> > pam [is good because] mysql
>
> http://openacs.org/philosophy/why-not-mysql.html
>
A quote from this site: "If what you want is raw, fast storage, use a
filesystem. If you want to share it among multiple boxes, use NFS.
If you want simple reliability against simplistic failure, use mirroring.
Want a SQL interface to it all? Use MySQL."
The mentioned installation could have used a standard text user-
/passwordfile. There are other things I would not like (eg. single
point of failure - if pam or the database failed no service was
accessible). But IIRC pam works pretty nice there and that was the
point. If I understood things right pam is there to let every
imaginable service use any imaginable authentication sheme. It
should be no problem to set up a fingerprint or chipcard reader to
work with pam, and it should be less troublesome than implementing
that without pam.
mike