Dallas N Antley <dna+pgsql@clas.ufl.edu> writes:
> I think I know why pam authentication fails with the pam_unix*
> modules, but would appreciate your opinion.
I think you've proven that the particular PAM modules you are testing
with are useless for programs executing as non-root, but that doesn't
mean the entire concept is broken. Look around ... there are lots of
PAM modules (or at least that's the theory).
BTW, what are those "door_info()" and "door_call()" calls shown in the
truss output? Could it be that those are supposed to get the PAM code
into a higher authorization level?
regards, tom lane
