DragonFly BSD
DragonFly kernel List (threaded) for 2013-03
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: DragonFly 3.4 release planning


From: Chris Turner <c.turner@xxxxxxxxxxxxxxxxxxx>
Date: Sat, 30 Mar 2013 16:08:18 -0500

On 03/30/13 15:18, Samuel J. Greear wrote:
> I think the cleanest solution is to compile in a pam module to kick auth requests to an auth daemon that is capable of loading nss modules (or even other pam modules). That said, I have neither verified that this is absolutely possible within the constraints of the NSS API, nor do I intend to be the one doing the work, not having any pressing need for NSS myself.

Reflecting more - I think it's impossible to have a solution that fits both needs -

E.g.:

- dynamic support for key system routines is required for dynamic sources of data
- static support for key system routines rules out dynamic sources of data

so either you have to introduce something 'dynamic' (which removes the 'safety' of static)
or you leave it static, which rules out 'dynamic'

So I agree the 'auth daemon' approach is probably the cleanest because it allows a way
have a 'controlled escape' into (e.g. static level of)  'dynamic lookup'

but, that leaves poor franceois out in the cold w/r/t ldap + KRB :D

Maybe a build flag is a happy medium until someone can 'do it right'?

Cheers,

- Chris









[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]