DragonFly kernel List (threaded) for 2003-07
Re: packaging system
Matthew Dillon wrote:
> :Gday all,
> :Just a couple of questions.
> :Has anyone got any ideas on what you are envisioning for the packaging
> :system of dragonfly. I have used FreeBSDs ports, debians dpkg and Osx's
> :fink for a bit and I am interested in software distribution and update
> :systems. I would be happy to begin looking into a helping with a higher
> :level design or even just happy to help compile peoples ideas for web
> I have a basic idea of what I would like to see, and how it could be
> accomplished. I discuss it somewhat in the Goals section of the
> :Also what are your thoughts of NSS switch.. are you planning to
> :integrate this feature into dragonfly? I am a stalwart supporter of the
> :move to ldap as the core of an os's AAA model.
> Well, I don't know enough about NSS switch to comment on it. I do
> know what I want to see for authentication and that is a port
> service... a user level daemon, which takes and responds to requests
> from processes
> for user, group, and other authentication info. e.g. it would run the
> password crypt check too, and would be able to ask for (opaque to it)
> config files and environment variables from the requesting client in
> order to resolve things like ssh keys, kerberos, and so forth. It
> would deal with NIS or other over-the-network authentication systems
> as well.
> All of that would be invisible to the requesting client. I
> really dislike having to compile authentication support into every
> in the system, even if it is in DLL form (like PAM. I really hate
> e.g., the conversation would go something like this:
> program: help, I need to authenticate 'charlie'! I have the following
> pieces of opaque data:
> - Something called a ssh2_public_key, whatever that is
> - Something called ORIGINATING_IP, whatever that is
> service: send me your ~/.rhosts, ~/.shosts, ~/.ssh/authorized_keys
> file please.
> program: I only have ~/.shosts and ~/.ssh/... here ya go.
> service: that's good enough, your authenticated for the following
> (opaque) capabilities: (list of opaque capabilities)
> program: Thanks! I have no idea what these capabilties are but I'll
> them out (one could be related to ssh that ssh understands. If this
> program is ssh then it will understand the ssh-related capabilities).
> And so on and so forth.
> :Lastly have you thought about doing some research into some of the
> :technologies used in darwin to possibly add even more to you new
> :distribution. This is just a general fish for ideas from people in this
> :group and is not directed at any particular part of darwin.
> It would depend on the technology. Some things might not mesh well
> with the existing goal set, other things might.
> Matthew Dillon
> :BTW good to see there still people out there who are brave enough to
> :break away from the establishment, roll up there sleeves and break some
> :stuff in the name of learning and innovation.
> :Mark Wolfe
> :Hammond Street Developments
There are the beginnings of nsswitch in RCng.