Re: PAM modules

看板FB_security作者時間14年前 (2011/09/21 08:32), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串27/37 (看更多)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 09/20/11 15:51, Kostik Belousov wrote: [...] > Yes, the question of maintanence of the OpenLDAP code in the base > is not trivial by any means. I remember that openldap once broke > the ABI on its stable-like branch. That happen a few times however these are either not essential client library (libldap and liblber) API or it's not changing parameters or removing interfaces. Moreover, like the base libbsdxml.so, it's only intended to be used by base system only so it's relatively easier to maintain ABI stability, e.g. we can probably just expose only symbols that we use, etc. > Having API renamed during the import for the actively-developed > third-party component is probably a stopper. I am aware of the > rename done for ssh import in ssh_namespace.h, but I do not think > such approach scale. That's right. We did use a similar approach but again, if it's just libldap and liblber, the change would be quite slow over years. We do need to patch files. > Would the import of openldap and nss + pam ldap modules in src/ > give any benefits over having openldap and ldap nss + pam modules > on the dvd1 ? Well, for ldap nss + pam models, people usually want them to "just work" rather than wanting new features provided by a port installed OpenLDAP. That's said, the user expects he can update any port without risking into being locked out from the system plus these modules can be upgraded or updated with existing binary update mechanisms. The proposed approach would not be a whole OpenLDAP import (selected client libraries only) nor would replace the port by the way. Cheers, - -- Xin LI <delphij@delphij.net> https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iQEcBAEBCAAGBQJOeS3vAAoJEATO+BI/yjfB7K4H/jumiosXs6OWZ02l5ntDb06k MySle3NfvRBPIc0NL3FQUToJ2k1VzBJce53nAwXev/+YMOlbMjGcGlSuEzKSkQdE j+Iwop+Od8/3sF4rIl7kBREMYzhZEiyT+Wf6LUxqVYqepso0PEoMlc5AoUZt1ghy V1fdKrU7imhIM0IPgJJEi0LjK3z31CoujciuU8arnuBMbKNi5gZpJLRgB/L1s4jo pSdNH95fCF487OsXu6sQZW0jdutaKxOsUiL1HFlwlFMzi8vCEFaG+TkwedmSeP7p Ng4hTVTLM8JSmImVVTjF6qdQpZS8omVzt1MB4lE7gn/YwsUbLkSI+e8ejn1FP34= =DQuu -----END PGP SIGNATURE----- _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
更多 delphij. 的文章
文章代碼(AID): #1EUJ24zL (FB_security)
更多 delphij. 的文章
文章代碼(AID): #1EUJ24zL (FB_security)