Re: PAM modules

Board: FB_security, posted 2011/09/21 07:01
Hello, Xin.

You wrote on 21 September 2011, 2:34:09:

> That's true but is there any very compelling reason to do that (not
> say no if someone really wants to invest time on this and maintain it)
> instead of just using an actively maintained codebase? The OpenLDAP
> license is pretty similar to a BSD license:

My point is not the license. I don't know what is simpler: (a) strip down and rename the API for OpenLDAP and later import new releases, with new strip-downs and renames (IMHO, it is harder than importing and supporting almost-intact code, like sendmail or bind), or (b) maintain local code, most of which is auto-generated from the standard by a very mature and stable tool, as Lev's asn1c is. I know Lev personally, and he says that this tool is used by many Telco operators and other Big Companies and he is not aware of any outstanding bugs (from year 2007!) even when very complex (much more complex than LDAPv3) ASN.1 rules are processed. Sometimes he is contacted for support, but it is never bugs in the compiler, always some other problems.

Maybe importing and maintaining a hacked OpenLDAP is simpler in the long-term perspective. Maybe not. I only want to point out that if we want our own LDAP client library, we don't need to write tons of non-obvious, error-prone and security-sensitive code by hand.

-- 
// Black Lion AKA Lev Serebryakov <lev@FreeBSD.org>

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
Article ID (AID): #1EUHilH5 (FB_security)