> > Can this be built as a library (say libpwgen) so that we can implement a
> > PAM module around this ? I see value in it being a standalone program
> > but even more value in also having a PAM module (this would be used
> > instead of or stacked above pam_authtok_get in some configurations).
I don't believe we want to provide such a module. It has far
broader implications than having a command. What if the password
generated conflicts with the password policies in /etc/default/....?
It has been considered in the past particularly with the fips 181
password generator (that as from their source, is crypto encumbered).
If there's going to be a PAM module, that needs to be a separate
case.
Gary..
