PAM modules

Xin LI delphij at delphij.net
Wed Sep 21 00:21:05 UTC 2011 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 09/20/11 15:51, Kostik Belousov wrote:
[...]
> Yes, the question of maintanence of the OpenLDAP code in the base 
> is not trivial by any means. I remember that openldap once broke 
> the ABI on its stable-like branch.

That happen a few times however these are either not essential client
library (libldap and liblber) API or it's not changing parameters or
removing interfaces.  Moreover, like the base libbsdxml.so, it's only
intended to be used by base system only so it's relatively easier to
maintain ABI stability, e.g. we can probably just expose only symbols
that we use, etc.

> Having API renamed during the import for the actively-developed
> third-party component is probably a stopper. I am aware of the
> rename done for ssh import in ssh_namespace.h, but I do not think
> such approach scale.

That's right.  We did use a similar approach but again, if it's just
libldap and liblber, the change would be quite slow over years.  We do
need to patch files.

> Would the import of openldap and nss + pam ldap modules in src/
> give any benefits over having openldap and ldap nss + pam modules
> on the dvd1 ?

Well, for ldap nss + pam models, people usually want them to "just
work" rather than wanting new features provided by a port installed
OpenLDAP.  That's said, the user expects he can update any port
without risking into being locked out from the system plus these
modules can be upgraded or updated with existing binary update mechanisms.

The proposed approach would not be a whole OpenLDAP import (selected
client libraries only) nor would replace the port by the way.

Cheers,
- -- 
Xin LI <delphij at delphij.net>	https://www.delphij.net/
FreeBSD - The Power to Serve!		Live free or die
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (FreeBSD)

iQEcBAEBCAAGBQJOeS3vAAoJEATO+BI/yjfB7K4H/jumiosXs6OWZ02l5ntDb06k
MySle3NfvRBPIc0NL3FQUToJ2k1VzBJce53nAwXev/+YMOlbMjGcGlSuEzKSkQdE
j+Iwop+Od8/3sF4rIl7kBREMYzhZEiyT+Wf6LUxqVYqepso0PEoMlc5AoUZt1ghy
V1fdKrU7imhIM0IPgJJEi0LjK3z31CoujciuU8arnuBMbKNi5gZpJLRgB/L1s4jo
pSdNH95fCF487OsXu6sQZW0jdutaKxOsUiL1HFlwlFMzi8vCEFaG+TkwedmSeP7p
Ng4hTVTLM8JSmImVVTjF6qdQpZS8omVzt1MB4lE7gn/YwsUbLkSI+e8ejn1FP34=
=DQuu
-----END PGP SIGNATURE-----

More information about the freebsd-security mailing list