On Thu, May 31, 2012 at 10:12:17AM +0200, Ludwig Nussel wrote:
> Mike Frysinger wrote:
> > On Wednesday 30 May 2012 09:50:57 Karel Zak wrote:
> >> [...]
> >> IMHO is better to use PAM everywhere than duplicate non-PAM code and
> >> assume that the code is correct and well tested. PAM is abstraction,
> >> the final configuration don't have to be complicated.
> >
> > PAM is a complete waste of space on embedded devices and controlled
> > systems.
> > i'm not saying it isn't useful in many setups (perhaps even the majority),
> > just that it is entirely unnecessary in a not insignificant number of other
> > setups.
>
> You could still use the PAM API and only implement the features
> necessary for shadow support. Ie PAM without pluggable modules :-) That
> way ugly ifdefs and code duplication could be avoided.
Linux_PAM supports --enable-static-modules, not sure how usable is
it, but it seems like a better way than duplicate any security
sensitive code.
Karel
--
Karel Zak <[email protected]>
http://karelzak.blogspot.com
