From owner-freebsd-hackers Fri Apr 17 22:57:03 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id WAA08612 for freebsd-hackers-outgoing; Fri, 17 Apr 1998 22:57:03 -0700 (PDT) (envelope-from owner-freebsd-hackers@FreeBSD.ORG) Received: from antipodes.cdrom.com (castles115.castles.com [208.214.165.115]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA08604 for ; Sat, 18 Apr 1998 05:56:59 GMT (envelope-from mike@antipodes.cdrom.com) Received: from antipodes.cdrom.com (localhost [127.0.0.1]) by antipodes.cdrom.com (8.8.8/8.8.5) with ESMTP id WAA00781; Fri, 17 Apr 1998 22:53:41 -0700 (PDT) Message-Id: <199804180553.WAA00781@antipodes.cdrom.com> X-Mailer: exmh version 2.0zeta 7/24/97 To: Robert Watson cc: Mike Smith , Archie Cobbs , hackers@FreeBSD.ORG Subject: Re: Discussion : Using DHCP to obtain configuration. In-reply-to: Your message of "Fri, 17 Apr 1998 17:51:51 EDT." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 17 Apr 1998 22:53:41 -0700 From: Mike Smith Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > On Thu, 16 Apr 1998, Mike Smith wrote: > > Actually, what I want is a stub version of the LDAP client library that > > can be linked into a few of the items that run early on (init, mount, > > fsck, dhclient, etc), before the network is up. Once the net is up, > > everything parametric ought to be indirected through a generic "get me > > a parameter" API. > > See, so the reason I find this concerning is that it stores the > configuration information (presumably) in a single repository, and the > kernel enforcement of the security on this repository can't be made finer > grained. The kernel has little or nothing of a say in the matter. If you stop a moment and realise that the information in question may not even be local to the system in question, you'll realise that access controls have to be a part of the parameter store itself. Fortunately for your peace of mind, LDAP supports ACL controls. > If the two approaches can be made compatible, I am all for a more sane > configuration system :). If not, then I see problems. If we can't come up with an acceptable compromise, then naturally it's not going to be accepted. One thing at a time - make it happen at all first. 8) -- \\ Sometimes you're ahead, \\ Mike Smith \\ sometimes you're behind. \\ mike@smith.net.au \\ The race is long, and in the \\ msmith@freebsd.org \\ end it's only with yourself. \\ msmith@cdrom.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message