[HEADS UP]: OpenLDAP+nss_ldap+nss_modules separated patch and more (SoC)
Peter Jeremy
peterjeremy at optushome.com.au
Fri Aug 25 22:00:42 UTC 2006
On Wed, 2006-Aug-23 15:55:23 -0500, Brooks Davis wrote:
> Having authentication functions outside the base makes them
>more vulnerable to configuration problems and general library cross
>threading.
Can you explain what you mean here? Having a single OpenLDAP,
nss_ldap etc in ports would seem to have less scope for
misconfiguration than having one version in the base system and a
slightly different version in ports.
There are already a number of authentication modules in ports
that don't seem to cause serious problems.
> It also means they can't work out of the box.
I disagree. X11 and perl are both ports that work out-of-the-box.
There's no reason why OpenLDAP can't be a port on CD1 - which makes
it fairly transparent to users.
> I think the
>costs are likely fairly small (no worse than those associated with
>OpenSSL) and the benefits are substantial.
As one of the majority who don't need LDAP authentication, I don't
see any benefits to me.
IMHO, FreeBSD should move towards a more modular system - a minimal
base with most of the functionality in optional packages (or ports).
Removing uucp, games and perl are steps in this direction. I believe
there should be a very high bar on the import of functionality that
is already available in ports.
All the above said, I agree that if OpenLDAP is imported, it should be
built by default.
--
Peter Jeremy