Date: Sun, 16 Feb 1997 12:26:04 +1030 (CST) From: Michael Smith <msmith@atrad.adelaide.edu.au> To: davidn@labs.usn.blaze.net.au (David Nugent) Cc: imp@village.org, security@freebsd.org Subject: Re: blowfish passwords in FreeBSD Message-ID: <199702160156.MAA03343@genesis.atrad.adelaide.edu.au> In-Reply-To: <19970215024833.30067@usn.blaze.net.au> from David Nugent at "Feb 15, 97 02:48:33 am"
next in thread | previous in thread | raw e-mail | index | archive | help
David Nugent stands accused of saying: > > I looked at PAM in some depth recently and while it looks > interesting enough, I think it is an overkill. We can already The biggest gripes I have with PAM are that it's not adequately documented anywhere, and that none of the modules I've seen were written with portability in mind, so whilst it's a neat model, it's not offering any sort of cross-platform portability for authentication modules. > do most of what PAM can do via login.conf - actually, in a > nicer way imho, although it isn't as easy or simple to switch > modules at runtime as you can with PAM. IMHO, PAM's biggest strength is that it completely removes authentication from the application's domain; you have an API which is driven in the same fashion regardless of the authentication method(s) required. > I'm just a little > nervous about having an authentication system use something > that isn't simple *in principle*, and PAM is anything but that. In principle, I'd say that PAM _is_ simple. I've only studied the "Linux-PAM" implementation, and _it_ is anything but simple, agreed. However I feel that an API-compatible implementation for the BSD environment could be done in a realtively tidy fashion. (And I may have to put my code where my mouth is 8) > David Nugent - Unique Computing Pty Ltd - Melbourne, Australia -- ]] Mike Smith, Software Engineer msmith@gsoft.com.au [[ ]] Genesis Software genesis@gsoft.com.au [[ ]] High-speed data acquisition and (GSM mobile) 0411-222-496 [[ ]] realtime instrument control. (ph) +61-8-8267-3493 [[ ]] Unix hardware collector. "Where are your PEZ?" The Tick [[
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199702160156.MAA03343>