sudog writes:

>PAM is only the de-facto standard because Linux is its bitch. And because 
>of that, I had NO END of troubles trying to re-work busy systems into an 
>actually usable state. As a former system admin of a 50,000 customer ISP, 
>PAM was one of my more onerous headaches. Recompiling everything to use 
>statically-linked auth libs and shadow passwords directly was one week of 
>hell that I'd just as soon forget.
>
>Is there no other "nice" way to migrate to LDAP without indulging in a 
>dynamically linked frenzy?

Well, with the pam (or generic authentication) daemon I proposed,
the programs themselves could still be dynamically linked, doing
the whole auth business via IPC.  No need to rely on dynamically
loading modules at runtime.

--mkb