Date: Sun, 10 Jun 2001 20:14:57 +0200 (CEST)
From: Gyori Sandor
To: "Jacques A. Vidrine"
Subject: Re: nsswitch dynamically loadable modules
In-Reply-To: <20010610125044.A60711@hellblazer.nectar.com>
Message-ID: <20010610200113.T89118-100000@fourier.szit.bme.hu>

Hello,

Thank you for your detailed explanation, I'm sure it will be great.
I have some short questions:

On Sun, 10 Jun 2001, Jacques A. Vidrine wrote:

> = I extended the implementation to support dynamically loaded
>   sources, and ported nss_ldap to use the invented interface. These
>   are the patches you referred to. This was a prototype to help me
>   understand the issues. They will never be committed, and should
>   not be used in production.

By applying these patches (nsswitch & nss_ldap), did you get properly
working authentication via LDAP? I applied them, but the system doesn't
know LDAP's user names. Is this my fault, or should I not even try this way?

> = I re-did the implementation using a design that I am happy
>   with, and interfaces which are agreed-upon-in-principle with the
>   NetBSD nsswitch author. In addition to new interfaces, this new
>   implementation is reentrant (although YP and our resolver is not).
>   A major design goal was to enable the creation of modules that are
>   stubs which talk to a long-running daemon that does the hard
>   work. PADL.COM's nss_ldap is (IMHO) completely unsuitable for a
>   production environment, particularly if you use SSL.

May I see this code anywhere? I can't find info about the above way on
your homepage.

> = Eventually I will finish the implementation just described. Left
>   to do is updating some resolver-oriented stuff like getaddrinfo,
>   and (importantly) creating an nsswitch-ldap daemon.
>
> If someone wants to work on this stuff, I would be happy to hand it
> off after we had sufficient discussion so that I was confident the
> design was understood. Otherwise, please wait. I wish I had finished
> it sooner, but that's how it goes.

No, I'm not able to do this work, but if you need some help (e.g.
testing), I am ready. Do you have any idea approximately when you will
finish it? I think it's very important.

Best wishes,

Sandor Gyori