[buug] PAM (& base install of BSD)
Michael.Paoli at cal.berkeley.edu
Thu Mar 10 17:46:25 PST 2011
> From: "Karen Hogoboom" <khogoboom at gmail.com>
> Subject: Re: login [not] a daemon? ... & CDs
> Date: Thu, 10 Mar 2011 06:30:13 -0800
> I still don't see why a base install of BSD decided I wanted to use PAM.
Because PAM is generally the right way to do it. It rather cleanly
(via API) separates out most authentication, etc. from the programs
that need to use such.
In the "bad old days" before PAM, if one needed to add a new
authentication scheme, one would have to update (e.g. recode/recompile)
all the programs that used authentication to support the new
authentication scheme. Likewise if a bug was found in said
authentication scheme, all those programs would need to be updated.
With PAM, just the PAM modules/programs themselves would need to be
updated. The concept and practice is relatively similar to shared
libraries in general.
More information about the buug