Date:      Sat, 26 Aug 2006 08:00:33 +1000
From:      Peter Jeremy <peterjeremy@optushome.com.au>
To:        Brooks Davis <brooks@one-eyed-alien.net>
Cc:        freebsd-current@freebsd.org, Michael Bushkov <bushman@rsu.ru>
Subject:   Re: [HEADS UP]: OpenLDAP+nss_ldap+nss_modules separated patch and more (SoC)
Message-ID:  <20060825220033.GC16768@turion.vk2pj.dyndns.org>
In-Reply-To: <20060823205523.GB27961@lor.one-eyed-alien.net>
References:  <44E9582C.2010400@rsu.ru> <44ECBB7D.4090905@FreeBSD.org> <20060823205523.GB27961@lor.one-eyed-alien.net>

On Wed, 2006-Aug-23 15:55:23 -0500, Brooks Davis wrote:
>  Having authentication functions outside the base makes them
>more vulnerable to configuration problems and general library cross
>threading.

Can you explain what you mean here?  Having a single OpenLDAP,
nss_ldap etc in ports would seem to have less scope for
misconfiguration than having one version in the base system and a
slightly different version in ports.

There are already a number of authentication modules in ports
that don't seem to cause serious problems.

>  It also means they can't work out of the box.

I disagree.  X11 and perl are both ports that work out-of-the-box.
There's no reason why OpenLDAP can't be a port on CD1 - which makes
it fairly transparent to users.

>  I think the
>costs are likely fairly small (no worse than those associated with
>OpenSSL) and the benefits are substantial.

As one of the majority who don't need LDAP authentication, I don't
see any benefits to me.

IMHO, FreeBSD should move towards a more modular system - a minimal
base with most of the functionality in optional packages (or ports).
Removing uucp, games and perl are steps in this direction.  I believe
there should be a very high bar on the import of functionality that
is already available in ports.

All the above said, I agree that if OpenLDAP is imported, it should be
built by default.

-- 
Peter Jeremy
