>Most, but not all things in /etc/default/login can be moved into PAM >modules, yes (and lastlog processing, and, if we add PAM items, even >utmpx processing could move into PAM). E.g., TIMEOUT cannot be >implemented in PAM without extending PAM (LinuxPAM, IIRC, implements >timeouts in PAM).
But do we want to? Is there an *architectural* reason to do so? >It will take a medium-sized project to get rid of all these uses in Sun. >And it will require obsoleting, removing and replacing lots of committed >interfaces (configuration files -> SMF/whatever), which means giving a >certain amount of warning, and so on, and which therefore may not leave >enough time to actually complete such a project anytime soon. Yes. >BTW, a quick google search finds SCO manpages for def*(), and even some >(but not too much) non-OpenSolaris source code calling them, including a >post to an OpenAFS list from several years ago that implies that OpenAFS >has or had a login replacement that used def*(). I even found a Python >module implementing something like this. OpenAFS does many things that are illegal (including modifying creds); so I would not care about them. But I have found those manual pages before and so they have documented those very broken interfaces. Casper
