From owner-freebsd-current@FreeBSD.ORG Fri Aug 25 22:00:42 2006
Date: Sat, 26 Aug 2006 08:00:33 +1000
From: Peter Jeremy
To: Brooks Davis
Cc: freebsd-current@freebsd.org, Michael Bushkov
Subject: Re: [HEADS UP]: OpenLDAP+nss_ldap+nss_modules separated patch and more (SoC)
Message-ID: <20060825220033.GC16768@turion.vk2pj.dyndns.org>
References: <44E9582C.2010400@rsu.ru> <44ECBB7D.4090905@FreeBSD.org> <20060823205523.GB27961@lor.one-eyed-alien.net>
In-Reply-To: <20060823205523.GB27961@lor.one-eyed-alien.net>
List-Id: Discussions about the use of FreeBSD-current

On Wed, 2006-Aug-23 15:55:23 -0500, Brooks Davis wrote:
> Having authentication functions outside the base makes them
> more vulnerable to configuration problems and general library cross
> threading.

Can you explain what you mean here. Having a single OpenLDAP,
nss_ldap etc in ports would seem to have less scope for
misconfiguration than having one version in the base system and a
slightly different version in ports. There are already a number of
authentication modules in ports that don't seem to cause serious
problems.

> It also means they can't work out of the box.

I disagree. X11 and perl are both ports that work out-of-the-box.
There's no reason why OpenLDAP can't be a port on CD1 - which makes
it fairly transparent to users.

> I think the
> costs are likely fairly small (no worse than those associated with
> OpenSSL) and the benefits are substantial.

As one of the majority who don't need LDAP authentication, I don't
see any benefits to me.

IMHO, FreeBSD should move towards a more modular system - a minimal
base with most of the functionality in optional packages (or ports).
Removing uucp, games and perl are steps in this direction. I believe
there should be a very high bar on the import of functionality that
is already available in ports.

All the above said, I agree that if OpenLDAP is imported, it should
be built by default.
-- 
Peter Jeremy