After a very long time of discussions and waiting, OpenPAM is being merged into NetBSD, as you can see in the src/dist/openpam directory.

OpenPAM is a BSD-licensed PAM (Pluggable Authentication Modules) implementation, which focuses on simplicity, correctness and cleanliness (according to its website). It has the best features of Solaris PAM, XSSO and Linux PAM, plus improvements of its own. This software was originally developed for the FreeBSD operating system, but is portable to other BSDs as well as Linux.

But... which are the discussions I mentioned above? Every time someone proposed the integration of PAM into NetBSD, a flame was started: some people wanted PAM, others wanted BSD Auth (sorry, couldn't find a link) and a few preferred neither of them. These arguments lead nowhere. But, at last, consensus was reached and PAM is the choice!

Note that ATM, the build of OpenPAM is disabled. It has been imported into the tree to let other developers help in its integration and to ease cooperation. This has been done by Christos Zoulas, who will continue its work in this area. I expect it will be fully working in a few weeks :)

But why having PAM in the base system is so important? After all, it has been available for ages in pkgsrc. The reason is that if it is in the base system, all other parts of it can take profit of this security framework; for example, login or passwd. And this is a great improvement in the security area.

Comments from the original Blogger-hosted post: