Please I'd like to get your opinion about a very simple idea for a PAM module.
In some cases, an administrator could need some particular and simple authentication scheme. This would need him to write a new pam module, but I think the admin would prefer just to write/modify some sort of script for the same thing. A module (pam_run, for give a name) would just run the script and return PAM_SUCCESS or PAM_ERR upon the script's return value. The pathname of the script would be the first argument for the module in the configuration file.
I just wrote an implementation for this (I've taked the confidence to send it to you, sorry.) Because of the simplicity of the whole thing, I'm not sure if there is some PAM module to do the same (I couldn't find.) I've compiled it in Red Hat 7.1 (from the pam-0.74's source tree.)