From owner-freebsd-hackers Sun Oct 10 9:11:44 1999
Date: Sun, 10 Oct 1999 19:11:14 +0300 (EEST)
From: Narvi
To: Wilfredo Sanchez
Cc: Pat Dirks, FreeBSD Hackers
Subject: Re: Apple's planned appoach to permissions on movable filesystems
In-Reply-To: <199910070004.RAA29320@scv2.apple.com>

Sorry, this is somewhat late.

On Wed, 6 Oct 1999, Wilfredo Sanchez wrote:

> | Have you given consideration to systems where the user/group database is
> | kept for (possibly a large) number of computers in a centralised manner by
> | say hesiod or nys (nis+). It would be nice if there was an easy interface
> | with these so that distributing the local system id numbers need not be
> | done by hand.
>
> It's complicated. We do have a distributed database (NetInfo) and
> we considered perhaps using the name of the NetInfo domain to
> determine local vs. foreign. The problem is that distributed
> databases are sometimes hierarchical, and can be mixed. For example:
>

Well, people for some reason miss the point. What I was talking about is
the 'interface', and that it be easy to attach things to it.

Site A will want to distribute the ids via hesiod.
Site B will want to distribute the ids via nis+.
Site C wants to do it via Netinfo.
Site D wants to use LDAP.
There may be others (SNMP?).

One way to do this is for example to have:

a) a parameter (by default null) that specifies which program to run to
   get a list of local system ids
b) a parameter (by default null) that specifies which program to run if
   we want to verify if a certain id has been added to the set of local
   ids since the startup.

As the program can be anything (inc. a shell script) almost any way of
distributing the local system ids can be accommodated.

This is of course just one way to achieve it (think of PAM).

[snip]

> -Fred
>
> --
> Wilfredo Sanchez, wsanchez@apple.com
> Apple Computer, Inc., Core Operating Systems / BSD
> Technical Lead, Darwin Project
> 1 Infinite Loop, 302-4K, Cupertino, CA 95014

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
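
The two helper-program parameters proposed in the message above, sketched as an added example; it is not part of the original message and not code from Apple or FreeBSD. The function names, the helper output format (one decimal id per line), the "exit status 0 means local" convention, the 32-bit id range and the fail-closed handling are all assumptions made for illustration.

```python
import subprocess
import sys

MAX_ID = 2**32 - 1  # assumption: ids are unsigned 32-bit values

def parse_ids(text):
    """Parse helper output: one decimal id per line, '#' starts a comment."""
    ids = set()
    for raw in text.splitlines():
        field = raw.split("#", 1)[0].strip()
        if not field:
            continue
        if not (field.isascii() and field.isdigit()) or int(field) > MAX_ID:
            raise ValueError("malformed id line: %r" % raw)
        ids.add(int(field))
    return ids

def _run(argv, timeout):
    # argv is a list executed directly, never through a shell.
    return subprocess.run(argv, capture_output=True, text=True, timeout=timeout)

def load_local_ids(list_program, timeout=5):
    """Parameter (a): None (the default) means no helper and no local ids."""
    if list_program is None:
        return set()
    try:
        result = _run(list_program, timeout)
        return parse_ids(result.stdout) if result.returncode == 0 else set()
    except (OSError, subprocess.TimeoutExpired, ValueError):
        return set()  # fail closed: a broken helper makes no id local

def is_local_id(ident, known, verify_program=None, timeout=5):
    """Parameter (b): ask the verify helper about ids added since startup."""
    if ident in known or verify_program is None:
        return ident in known
    try:
        ok = _run(verify_program + [str(int(ident))], timeout).returncode == 0
    except (OSError, subprocess.TimeoutExpired, ValueError):
        return False
    if ok:
        known.add(ident)  # cache the newly confirmed id
    return ok

if __name__ == "__main__":
    # Constructed stand-ins for a site's hesiod/NIS+/LDAP lookup scripts.
    lister = [sys.executable, "-c", "print('1001\\n1002 # constructed\\n')"]
    checker = [sys.executable, "-c",
               "import sys; sys.exit(0 if sys.argv[1] == '1003' else 1)"]
    known = load_local_ids(lister)
    print(sorted(known), is_local_id(1003, known, checker),
          is_local_id(1004, known, checker))
```

Because the helper's answer decides which ids are treated as local, the sketch treats its output as untrusted input: anything unparsable, a non-zero exit or a timeout leaves the set of local ids unchanged.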