Date: Tue, 20 Sep 2011 17:21:03 -0700
From: Xin LI <delphij@delphij.net>
To: Kostik Belousov <kostikbel@gmail.com>
Cc: Dag-Erling Smørgrav <des@des.no>, Lev Serebryakov <lev@freebsd.org>, d@delphij.net, freebsd-security@freebsd.org
Subject: Re: PAM modules
Message-ID: <4E792DEF.30209@delphij.net>
In-Reply-To: <20110920225109.GF1511@deviant.kiev.zoral.com.ua>
References: <86boukbk8s.fsf@ds4.des.no> <4E738794.4050908@delphij.net> <86zki1afto.fsf@ds4.des.no> <4E78EA46.2080806@delphij.net> <86ty86zzcg.fsf@ds4.des.no> <1251419684.20110921022541@serebryakov.spb.ru> <4E7914E1.6040408@delphij.net> <849327678.20110921024347@serebryakov.spb.ru> <20110920225109.GF1511@deviant.kiev.zoral.com.ua>

On 09/20/11 15:51, Kostik Belousov wrote:
[...]
> Yes, the question of maintenance of the OpenLDAP code in the base
> is not trivial by any means. I remember that openldap once broke
> the ABI on its stable-like branch.

That happened a few times; however, these are either not essential
client library (libldap and liblber) API, or it's not changing
parameters or removing interfaces.

Moreover, like the base libbsdxml.so, it's intended to be used by the
base system only, so it's relatively easier to maintain ABI stability,
e.g. we can probably just expose only the symbols that we use, etc.

> Having API renamed during the import for the actively-developed
> third-party component is probably a stopper. I am aware of the
> rename done for ssh import in ssh_namespace.h, but I do not think
> such an approach scales.

That's right. We did use a similar approach but again, if it's just
libldap and liblber, the change would be quite slow over years. We do
need to patch files.

> Would the import of openldap and nss + pam ldap modules in src/
> give any benefits over having openldap and ldap nss + pam modules
> on the dvd1 ?

Well, for ldap nss + pam modules, people usually want them to "just
work" rather than wanting new features provided by a port-installed
OpenLDAP. That said, the user expects he can update any port without
risking being locked out from the system, plus these modules can be
upgraded or updated with existing binary update mechanisms.

The proposed approach would not be a whole OpenLDAP import (selected
client libraries only), nor would it replace the port, by the way.

Cheers,
--
Xin LI <delphij@delphij.net> https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die