Balazs Scheidler <[EMAIL PROTECTED]> writes:
> IMHO we should only use PAM for password authentication. It can be easily
> done, and doing this results in transparent shadow, md5 and NIS support.
Even such a limited use of PAM would require some real ugly hacks to
(i) figure out what the messages sent to the conversation function
really means, and (ii) make sure that we know the ansers before
calling into PAM, so that the conversation function doesn't have to
block.
On the other hand, using getpwnam(), getspnam() and crypt(), should
handle shadow, nis, nis+, md5, blowfish, practically anything. These
traditional unix functions aren't very beautiful either, but they
should do simple password authentication just as well as PAM could
ever do, and they are a lot more portable.
The nicest thing I want to say about PAM right now, is that it would
have been great if it were designed quite differently.
> BTW: it comes from Sun, solaris has the same API.
I know.
/Niels
