[HEADS UP]: OpenLDAP+nss_ldap+nss_modules separated patch and more (SoC)

Peter Jeremy peterjeremy at optushome.com.au
Fri Aug 25 22:00:42 UTC 2006

On Wed, 2006-Aug-23 15:55:23 -0500, Brooks Davis wrote:
>  Having authentication functions outside the base makes them
>more vulnerable to configuration problems and general library cross

Can you explain what you mean here.  Having a single OpenLDAP,
nss_ldap etc in ports would seem to have less scope for
misconfiguration than having one version in the base system and a
slightly different version in ports.

There are already a number of authentication modules in ports
that don't seem to cause serious problems.

>  It also means they can't work out of the box.

I disagree.  X11 and perl are both ports that work out-of-the-box.
There's no reason why OpenLDAP can't be a port on CD1 - which makes
it fairly transparent to users.

>  I think the
>costs are likely fairly small (no worse than those associated with
>OpenSSL) and the benefits are substantial.

As one of the majority who don't need LDAP authentication, I don't
see any benefits to me.

IMHO, FreeBSD should move towards a more modular system - a minimal
base with most of the functionality in optional packages (or ports).
Removing uucp, games and perl are steps in this direction.  I believe
there should be a very high bar on the import of functionality that
is already available in ports.

All the above said, I agree that if OpenLDAP is imported, it should be
built by default.

Peter Jeremy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20060825/3600fad9/attachment.pgp

More information about the freebsd-current mailing list