Re: porting PAM

Chris Hedemark wrote:

> Now of course Theo was talking about something other than PAM. But

Why does OpenBSD "need" PAM? OpenBSD already has a system which accomplishes what PAM offers. I suppose you just want Buzzword compliance with Linux and some of the other BSDs.

PAM is a terrible API and is completely unsuited to modern applications. Its main query/response function runs in a blocking mode, its standard is buggy and ambiguous[1] and (not suprisingly) the implementations of the standard vary greatly.

The modules themselves are another horror. There is little standardisation of modules either in their names or the arguments they accept. Many modules make assumptions about the environment in which they are which are not covered by the PAM RFC. Many modules are (in my experience) buggy.

I'd love to see someone port the BSD auth API to other platforms - it is better in every way.

-d

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related openbsd.org Links advocacy announce bugs ipv6 misc ports ports-changes security-announce smp source-changes tech Request more information about Pantek

[1] http://openpam.sourceforge.net/errata.html Received on Wed May 28 22:46:22 2003