Date: Thu, 22 Sep 2011 22:19:41 -0400 (EDT) From: Benjamin Kaduk <kaduk@MIT.EDU> To: d@delphij.net Cc: freebsd-security@freebsd.org Subject: Re: PAM modules Message-ID: <alpine.GSO.1.10.1109222216090.882@multics.mit.edu> In-Reply-To: <4E792DEF.30209@delphij.net> References: <86boukbk8s.fsf@ds4.des.no> <4E738794.4050908@delphij.net> <86zki1afto.fsf@ds4.des.no> <4E78EA46.2080806@delphij.net> <86ty86zzcg.fsf@ds4.des.no> <1251419684.20110921022541@serebryakov.spb.ru> <4E7914E1.6040408@delphij.net> <849327678.20110921024347@serebryakov.spb.ru> <20110920225109.GF1511@deviant.kiev.zoral.com.ua> <4E792DEF.30209@delphij.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 20 Sep 2011, Xin LI wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > On 09/20/11 15:51, Kostik Belousov wrote: > [...] >> Yes, the question of maintanence of the OpenLDAP code in the base >> is not trivial by any means. I remember that openldap once broke >> the ABI on its stable-like branch. > > That happen a few times however these are either not essential client > library (libldap and liblber) API or it's not changing parameters or > removing interfaces. Moreover, like the base libbsdxml.so, it's only > intended to be used by base system only so it's relatively easier to > maintain ABI stability, e.g. we can probably just expose only symbols > that we use, etc. This is not without its own failures. For example, I sometimes find myself wanting a kgetcred(1) from heimdal, but we do not build it as part of our base heimdal. As a separate utility, this is not so bad; for a library, things can get much more annoying. Only exposing a limited set of symbols can make third-party tools that want extra symbols very sad, unless it is easy to drop in a full version from ports and still have all of base "just work". I do not quite think that the current state of ports for ldap would "just work" without some extra configuration (though, nor have I tried something like it). -Ben Kaduk
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.GSO.1.10.1109222216090.882>