From: Terry Lambert
Message-Id: <200102202125.OAA27852@usr05.primenet.com>
Subject: Re: DJBDNS vs. BIND
To: dillon@earth.backplane.com (Matt Dillon)
Date: Tue, 20 Feb 2001 21:25:31 +0000 (GMT)
Cc: arch@freebsd.org
In-Reply-To: <200102201804.f1KI4HG45260@earth.backplane.com> from "Matt Dillon" at Feb 20, 2001 10:04:17 AM

[ ... caching considered harmful ... ]

> I don't even think it's that useful. Let's say you have a daemon (say,
> named) that requires several configuration files and you want to
> update all of them. Now how do you do it?

DNSUPDAT, over socket 53.

> I much rather like the idea of an editor-wrapper similar to vipw.

That's a useful approach for externalized security data, where you can have an arbitrary amount of it lying around, but it's much less useful for, as an example, the hostname.

Even for security data, really, the modifications should be hidden behind a PAM interface, with a program on the front end to do the work.
If you still have a vipw after that, it's a program which externalizes the data, edits it, and then reinternalizes it (vipw today doesn't externalize the database contents, it operates on a flat file, which is then processed to create the database).

For very large password lists, you need a programmatic method, and that method has to be able to operate incrementally. This practically screams to discard the flat files.

Actually, the hostname is particularly interesting, since you will have to partition the data so that you can have multiple instances; this is real obvious if you think in the context of how such daemons would need to be able to operate in "jails" (e.g. multiple copies of sendmail or other daemons).

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present or previous employers.