Chris Jaeger wrote: > It does seem a little bit awkward that one has > to write two libraries conforming to separate APIs in order > to authenticate a user and retrieve his or her attributes. > I do agree with Nicolas though, that targeting the read-side > of the API(s) may be more appropriate. > > Just to be clear... Targeting the read-side of the API *first* may be more appropriate. Perhaps PAM and NSS should be made one API, given that both deal with attributes (the information necessary to authenticate a user being the attributes that PAM is primarily concerned with now). Or perhaps a rewrite of NSS with PAM's configurability. I'll admit that I'm not currently looking for the best API; just one that would allow me to get away with what I want without having to customize many applications. The funny thing is that having read up on NSS now, I could achieve what I want through a new NSS library in most of those 98% of applications that I mentioned earlier. However, the 2% that seem to do things the right way (Linux's login, Michael Tokarev's POP daemon) still require that I use my PAM module. So there is obviously something missing somewhere. Chris
