> Debian 1.3 has shadow support built in, last I heard. It's just gone into
> testing. I agree you have to install a few packages to make it work in 1.2,
> but this is not a big deal.
Is there some philosophical problem with incorporating PAM as-is? It's
already pretty well tested... I don't see why anyone would want to
use non-shadowed passwords at all these days, at least with a machine
connected to the internet. In addition to the INN trick, I see people
trying the published web server and sendmail games too.
> One thing you should consider is how much "systems" work you do on Linux.
> For example, if you are building a lot of free software packages you might
> consider packaging them for Debian and leveraging your own work into a
> contribution that benefits lots of people.
It has totaled a lot, updating about 8 machines piecmeal. However
by now I think everything involved has been packaged already except
the shadow-in-a-box combo which would be better done with PAM. Some
things just need to be custom-compiled regardless, like apache with the
modules you need locally (php/mod_perl, etc.) I'd have a problem doing
packaging that moved locations from the place that 'make install' wants
them to live anyway.