PAM modules -> LDAP!

Ryan Steinmetz rpsfa at rit.edu
Sun Sep 25 00:41:15 UTC 2011


On (09/17/11 14:30), Hartmann, O. wrote:
> On 09/16/11 23:36, Mike Carlson wrote:
> > On 09/16/2011 08:05 AM, Dag-Erling Smørgrav wrote:
> >> We currently have a number of PAM modules in ports, and while some of
> >> them are specific to certain third-party software, many aren't.  I
> >> believe we would benefit from importing at least some of these into
> >> base.  My question is: which ones?
> >>
> >> DES
> > LDAP support out of the box would be fantastic.
> >
> > Mike C
> > _______________________________________________
> > freebsd-security at freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-security
> > To unsubscribe, send any mail to
> > "freebsd-security-unsubscribe at freebsd.org"
> 
> Also a strong vote for LDAP support. LDAP is our backend for several
> server systems and it is a kind of pain
> having to think first for the ports to be installed. Also I suspect and
> hope a better integration if LDAP gets
> part of the core system.
> 
> Regards,
> Oliver

I think some caution should be used whenever we discuss merging things
into the base system.  There may be other ways of achieving the same
functionality, without the challenges that come with merging things
directly into the base system.  Ports tend to be easier to update (in
terms of version bumps/feature additions) when compared to things that
become part of base.

I think an interesting concept would be something that gave us the
ability to (easily) tie certain ports into software from the base system.
Something that would allow the software to be more easily kept current.
Perhaps this could be done via some sort of base-integrated ports
category that requires extra-special care/controls when being updated.

Using the above idea, perhaps we could have ISOs or the like available
that include these 'base-integrated' ports pre-installed, thus giving
users the ability to (effectively) have an out-of-the-box solution that
included LDAP support, etc., while still having these 'base-integrated'
ports loosely coupled with the base OS.  The concept could keep the base
system lean, but provide the flexibility that users desire.

Obviously there are some complexities associated with implementing the
framework and details that would need to be worked out, but this could
address:
-The desire to keep the base system lean
-The desire to provide certain features out-of-the-box
-The ability to keep these 'base-integrated' ports more current in terms
of features/functionality
 
-r
 

-- 
Ryan Steinmetz
PGP: EF36 D45A 5CA9 28B1 A550  18CD A43C D111 7AD7 FAF2

