1 History
Dag-Erling Smørgrav edited this page 2021-10-20 23:28:58 +02:00


OpenPAM was developed by Dag-Erling Smørgrav (initially as an employee of ThinkSec), with occasional and much-appreciated contributions from a number of other people. Development started in early 2002 with funding from what was then Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research program.

The attendant OpenSSH work was a direct continuation of an earlier effort by ThinkSec's Eivind Eklund, which was funded by the now-defunct Norwegian ISP Enitel.

Dag-Erling's mandate was initially to maintain FreeBSD's Linux-PAM port and its existing set of PAM modules, develop additional PAM modules, and add PAM support to FreeBSD's OpenSSH port. In that context, OpenPAM was intended as a testing and validation framework for PAM applications and modules. However, due to fundamental architectural flaws in Linux-PAM and its extremely poor code quality, the decision was made to develop OpenPAM into a full-fledged PAM implementation.

A number of features, such as module option handling, credential borrowing and ready-made conversation functions, were added to minimize code duplication in modules and applications. With a few intentional exceptions, these extensions are clearly marked as such.

OpenPAM replaced Linux-PAM in FreeBSD in March, 2002. The first official FreeBSD release to ship with OpenPAM was FreeBSD 5.1 in June, 2003 (5.0, which also included OpenPAM was a “technological preview”).

The first official NetBSD release with OpenPAM was NetBSD 3.0 in December, 2005.

Apple started the transition to OpenPAM in 2008; the first MacOS X release to ship with OpenPAM was MacOS X 10.6 “Snow Leopard” in August, 2009.

The OpenSSH PAM integration code which was developed in conjunction with OpenPAM was adopted by the OpenSSH-portable maintainers in 2003 and has been included in OpenSSH-portable since 3.7p1.