Date:      Thu,  4 Dec 2003 16:01:22 -0800
From:      sean@mcneil.com
To:        Doug Barton <DougB@freebsd.org>
Cc:        gnome@freebsd.org
Subject:   Re: xscreensaver
Message-ID:  <1070582482.3fcfcad244c5c@mcneil.com>
In-Reply-To: <20031204145648.W23453@qbhto.arg>
References:  <1070573010.28210.1.camel@blue.mcneil.com> <oprzod39gi8ckrg5@smtp.central.cox.net> <1070576873.3fcfb4e92ccf8@mcneil.com> <20031204145648.W23453@qbhto.arg>

Quoting Doug Barton <DougB@freebsd.org>:

> On Thu, 4 Dec 2003 sean@mcneil.com wrote:
> 
> > This is part of a bigger issue.  It boils down as to whether FreeBSD should
> > support LDAP and how.
> 
> There is no "FreeBSD" to support ldap. There are only interested users
> who are willing to put the work into supporting it (or there are not).

Yes, poor choice of words.  More correct is whether one has to go through extra
pain to make LDAP work properly.  Like, for instance, modifying a port to
enable PAM because there is no way to do it in make.conf.

> 
> > This is one reason why the base system is moving to
> > dynamic libraries vs. static.
> 
> ldap specifically isn't, no. Better support for nsswitch in general
> (including ldap) is _one_ of the reasons, yes.

Yes, too narrow in my scope of wording.

> 
> > The question is, do we want xscreensaver to work?
> 
> It works perfectly for the vast majority of freebsd users, including the
> large number of users who use xscreensaver without locking enabled. The
> user community who is affected by the --without-pam option is extremely
> small.

Yes.  True.  However, adding support for a limited community doesn't have to be
disregarded just because they are few.  Especially if adding the support
doesn't affect anyone else.  I wouldn't propose something that harms others.

> 
> > PAM is becoming a de facto standard and to not support it seems
> > counter-productive.  xscreensaver will check your installation to see
> > if you have PAM.  If you do, then it will compile it in.  Unless, of
> > course, you disable it.
> 
> This statement indicates that you have no actual knowledge of the
> situation at hand.

Well... FreeBSD 5.x has PAM by default.  I seem to recall my box when I had
FreeBSD 4.9 on it had PAM support as well.  I based my statement of it being
de facto on current trends and default support.  Looking at the configure script
for xscreensaver shows me it does exactly what I said:  If PAM is on the
system, it will enable PAM.  Otherwise, it doesn't compile it in.  So if
FreeBSD didn't have PAM installed, then xscreensaver wouldn't try to compile
with it even though --disable-pam were removed.  Of course, this makes sense. 
Otherwise, it wouldn't compile on systems that do not have PAM.  So, my
statement has nothing to do with lack of knowledge here with the exception that
I didn't know PAM support was broken (didn't compile or work) before.  Thanks to
your comments, I am now enlightened.

> 
> > I would love to hear the reasoning as to why PAM should not be
> > supported.  I'm sure you have some misgivings you haven't explained.
> 
> A long time ago, the pam support for xscreensaver didn't compile. The
> last time I got it to compile, it didn't work. Thus, it's been disabled
> ever since. (See above for why this isn't actually a problem except for
> a very few people.)
> 
> Now, since I don't really use pam for anything if I can help it, and
> since I definitely don't have ldap anywhere, I'm not going to be adding
> features along this line (even protected by WITH_ knobs, which I agree
> is a good idea). However, if you, or your friends, want to try enabling
> the support, and then THOROUGHLY test it, in both pam AND non-pam cases,
> I'll definitely be interested in your work, and I will probably even
> commit it. What I won't do is blindly re-enable an option by default
> that I know to have a tremendous downside potential. It's purely a
> cost::benefit issue.

Actually, if you are using a recent FreeBSD, then you probably are using PAM. 
Just that it is in turn using unix files that have passwords in the crypt
format (or perhaps md5).  Your statement is both fair and reasonable not to add
support without complete testing.  If and when I have the time, I would like to
test it to your satisfaction.

> 
> Doug
> 


Thanks for your reply.  I understand the situation more clearly now.

Sean


----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.