On Sun, May 06, 2012 at 10:48:35AM -0400, Guylhem wrote:
> IMHO a PAM module is overtly complicated. I noticed correct_password
> did also handle shadow password verification.
>
> Considering OTP just adds a little bit to the file size (and the code
> is not optimized yet - it could certainly be improved) it seems like
> the most sensible option to me.

This argument can be made for any _ONE_ custom authentication feature.
The problem is that if it's made for _EVERY_ custom authentication
feature, you have a bloatware nightmare.

I feel like PAM is the correct solution. If the existing PAM
implementation is too bloated, then write a fake libpam that just
implements the one authentication mechanism you want and doesn't do any
dynamic loading. I actually started a project like that a long time ago
(pam API clone with a small configurable set of linked-in (no dynamic
loading) custom auth methods) but I ended up not really needing it and
never got past the outer API matching layer...

Rich
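
The design described in the message above (a PAM API clone with a fixed set of linked-in auth methods and no dynamic loading), as an added sketch that is not code from the post, its author, BusyBox or Linux-PAM. The names demo_secret_auth, demo_conv and auth_methods and the fixed secret are hypothetical; the struct layouts, function signatures and constant values follow Linux-PAM's headers.

```c
/* Added sketch, not BusyBox or Linux-PAM code; constants use Linux-PAM's values. */
#include <stdlib.h>
#include <string.h>
enum { PAM_SUCCESS = 0, PAM_SYSTEM_ERR = 4, PAM_BUF_ERR = 5, PAM_AUTH_ERR = 7, PAM_CONV_ERR = 19 };
enum { PAM_PROMPT_ECHO_OFF = 1 };
struct pam_message  { int msg_style; const char *msg; };
struct pam_response { char *resp; int resp_retcode; };
struct pam_conv { int (*conv)(int, const struct pam_message **, struct pam_response **, void *);
                  void *appdata_ptr; };
typedef struct pam_handle { const char *user; struct pam_conv conv; } pam_handle_t;
/* Hypothetical linked-in method; the fixed secret is constructed for the demo. */
static int demo_secret_auth(const char *user, const char *tok) {
    static const char want[] = "constructed-secret";
    size_t n = strlen(tok), i, diff = (n != sizeof want - 1);
    for (i = 0; i < sizeof want - 1; i++)          /* compare without early exit */
        diff |= (unsigned char)(want[i] ^ (i < n ? tok[i] : 0));
    return (user && !diff) ? PAM_SUCCESS : PAM_AUTH_ERR;
}
/* Build-time table replaces pam.d parsing and dlopen(); every entry must pass. */
static int (*const auth_methods[])(const char *, const char *) = { demo_secret_auth };
int pam_start(const char *svc, const char *user, const struct pam_conv *c, pam_handle_t **ph) {
    if (!svc || !user || !c || !c->conv || !ph) return PAM_SYSTEM_ERR;
    if (!(*ph = calloc(1, sizeof **ph))) return PAM_BUF_ERR;
    (*ph)->user = user; (*ph)->conv = *c;
    return PAM_SUCCESS;
}
int pam_authenticate(pam_handle_t *ph, int flags) {
    const struct pam_message m = { PAM_PROMPT_ECHO_OFF, "Password: " }, *mp = &m;
    struct pam_response *r = NULL;
    int rc = PAM_AUTH_ERR;                         /* fail closed on an empty table */
    (void)flags;                                   /* flags are ignored by this shim */
    if (!ph) return PAM_SYSTEM_ERR;
    if (ph->conv.conv(1, &mp, &r, ph->conv.appdata_ptr) != PAM_SUCCESS || !r || !r->resp) {
        free(r);
        return PAM_CONV_ERR;
    }
    for (size_t i = 0; i < sizeof auth_methods / sizeof *auth_methods; i++)
        if ((rc = auth_methods[i](ph->user, r->resp)) != PAM_SUCCESS) break;
    memset(r->resp, 0, strlen(r->resp));           /* best-effort scrub before free */
    free(r->resp); free(r);
    return rc;
}
int pam_end(pam_handle_t *ph, int status) { (void)status; free(ph); return PAM_SUCCESS; }
/* Constructed caller-side conversation callback: answers with appdata_ptr. */
int demo_conv(int n, const struct pam_message **m, struct pam_response **r, void *typed) {
    (void)n; (void)m;
    if (!(*r = calloc(1, sizeof **r)) || !((*r)->resp = malloc(strlen(typed) + 1))) return PAM_CONV_ERR;
    strcpy((*r)->resp, typed);
    return PAM_SUCCESS;
}
```

A caller written against the usual pam_start / pam_authenticate / pam_end sequence links against this unchanged, and adding a method means adding an entry to the table at build time.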
