>It seems that we should strongly consider introducing some sort of library >of module support functions, that individual modules could use, instead of >having to replicate them. This would greatly ease module maintenance and >would also assist development of new functionality (both of new modules >and within existing modules). FreeBSD has done a fair bit of work to eliminate wasted code. For example there is code to parse the standard PAM options (try_first_pass, for example) as well as user-defined options. Well worth integrating into PAM, it would make my life easier too as I wouldn't have to track both Linux-PAM and FreeBSD PAM for the Darwin port! One thing, however, having written a lot of PAM modules for Darwin, is that I've replicated the password-changing conversation dance several times for different modules (NetInfo, AFP, NIS, etc). That's one thing that should be put in a library, but is tricky because it requires callbacks to authenticate a user as well as actually changing their passwords, and different authentication systems handle password changing policies differently. cheers, -- Luke -- Luke Howard | lukehoward.com PADL Software | www.padl.com
