From owner-freebsd-current@FreeBSD.ORG Tue Nov 25 17:00:18 2003 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EDF3316A4CE; Tue, 25 Nov 2003 17:00:18 -0800 (PST) Received: from mail.dt.e-technik.uni-dortmund.de (krusty.dt.e-technik.Uni-Dortmund.DE [129.217.163.1]) by mx1.FreeBSD.org (Postfix) with ESMTP id 20C7543F75; Tue, 25 Nov 2003 17:00:17 -0800 (PST) (envelope-from ma@dt.e-technik.uni-dortmund.de) Received: from m2a2.dyndns.org (krusty.dt.e-technik.uni-dortmund.de [129.217.163.1])B571016241; Wed, 26 Nov 2003 02:00:15 +0100 (CET) Received: by merlin.emma.line.org (Postfix, from userid 500) id DEF6A91AF7; Wed, 26 Nov 2003 02:00:09 +0100 (CET) To: Matthew Dillon In-Reply-To: <200311252039.hAPKdBfq080963@apollo.backplane.com> (Matthew Dillon's message of "Tue, 25 Nov 2003 12:39:11 -0800 (PST)") References: <20031125025621.453732A8FC@canning.wemm.org> <200311250311.hAP3BTCO075916@apollo.backplane.com> <20031125150700.GA48007@madman.celabo.org> <20031125201421.GB54467@madman.celabo.org> <200311252039.hAPKdBfq080963@apollo.backplane.com> From: Matthias Andree Date: Wed, 26 Nov 2003 02:00:08 +0100 Message-ID: User-Agent: Gnus/5.1003 (Gnus v5.10.3) Emacs/21.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii cc: "Jacques A. Vidrine" cc: freebsd-current@freebsd.org cc: "M. Warner Losh" Subject: NSS and PAM, dynamic vs. static (was: 40% slowdown with dynamic /bin/sh) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Nov 2003 01:00:19 -0000 Matthew Dillon writes: > How much do you intend to use NSS for? I mean, what's the point of > adopting this cool infrastructure if all you are going to do with it > is make a better PAM out of it? The important thing is that NSS allows to plug modules such as LDAP or PostgreSQL for user base management. PAM is only halfway there and doesn't give libc et al. a notion of a user or group context (in spite of its "account" context), NSS does. One might discuss if PAM is really needed with NSS in place, but it's hard to think of a system without NSS and removing PAM now doesn't look right. Of course, you can stuff the whole NSS client side (thinking "IPC") into a statically linked executable. To stall this discussion: I don't mind if NSS is dynamically or statically linked. I won't let this drift into any other dynamic <-> static discussion. > reason that I can see, and coming up with all sorts of extra junk, > like /rescue, to work around that fact. As a user, I like /rescue better than the step-child that /stand/* used to be. It's part of the world, which /stand wasn't. One word of warning: there used to be SuSE Linux versions that wouldn't let you log in single-user mode when the system was using NIS in multi-user because there was nothing to communicate with through AF_UNIX sockets yet this was expected to be able to log in. There are potholes and pitfalls that I consider major considered with a dynamic /bin /sbin setup. Watch out. -- Matthias Andree Encrypt your mail: my GnuPG key ID is 0x052E7D95