On Fri, 4 Nov 2005, Ken Koch wrote:
Which would be a more efficient means of compiling? PMB or STD authentication on a Solaris 8 box with NIS+?
This is the first that I have heard of "efficiency" being used as a decision point on whether or not to use PAM.
Typically, the decision to use PAM is based upon a desire to centralize authentication policy within the PAM infrastructure and not to have individual daemons make their own decision. For example, if a site decides to validate passwords via LDAP or Kerberos instead of the password file, they only need to change the PAM configuration rather than having to rebuild all the daemons.
Another reason for a decision to use PAM is that on some systems, PAM is the *only* means of password authentication. For a long time now, most systems will not provide the encrypted passwords with getpwnam(); these days, there are systems in which getspnam() no longer works usefully (or exists).
In general, I recommend that if your system has PAM installed, that you use it. Modern systems should not have any substantial "efficiency" concerns, and it's clear that using PAM is going with the flow.
-- Mark -- http://panda.com/mrc Democracy is two wolves and a sheep deciding what to eat for lunch. Liberty is a well-armed sheep contesting the vote. _______________________________________________ Imap-uw mailing list [email protected] https://mailman1.u.washington.edu/mailman/listinfo/imap-uw
