DragonFly BSD
DragonFly kernel List (threaded) for 2003-07
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: packaging system

From: Matthew Dillon <dillon@xxxxxxxxxxxxxxxxxxxx>
Date: Fri, 18 Jul 2003 20:11:14 -0700 (PDT)

:Gday all,
:Just a couple of questions.
:Has anyone got any ideas on what you are envisioning for the packaging 
:system of dragonfly. I have used FreeBSDs ports, debians dpkg and Osx's 
:fink for a bit and I am interested in software distribution and update 
:systems. I would be happy to begin looking into a helping with a higher 
:level design or even just happy to help compile peoples ideas for web 

    I have a basic idea of what I would like to see, and how it could be
    accomplished.  I discuss it somewhat in the Goals section of the

:Also what are your thoughts of NSS switch.. are you planning to 
:integrate this feature into dragonfly? I am a stalwart supporter of the 
:move to ldap as the core of an os's AAA model.

    Well, I don't know enough about NSS switch to comment on it.  I do
    know what I want to see for authentication and that is a port service...
    a user level daemon, which takes and responds to requests from processes
    for user, group, and other authentication info.  e.g. it would run the
    password crypt check too, and would be able to ask for (opaque to it) 
    config files and environment variables from the requesting client in
    order to resolve things like ssh keys, kerberos, and so forth.  It would
    deal with NIS or other over-the-network authentication systems as well.
    All of that would be invisible to the requesting client.  I
    really dislike having to compile authentication support into every program
    in the system, even if it is in DLL form (like PAM.  I really hate PAM).

    e.g., the conversation would go something like this:

    program: help, I need to authenticate 'charlie'!  I have the following
    pieces of opaque data:

	- Something called a ssh2_public_key, whatever that is
	- Something called ORIGINATING_IP, whatever that is

    service: send me your ~/.rhosts, ~/.shosts, ~/.ssh/authorized_keys file

    program: I only have ~/.shosts and ~/.ssh/... here ya go.

    service: that's good enough, your authenticated for the following (opaque)
    capabilities: (list of opaque capabilities)

    program: Thanks!  I have no idea what these capabilties are but I'll hand
    them out (one could be related to ssh that ssh understands.  If this 
    program is ssh then it will understand the ssh-related capabilities).

    And so on and so forth.

:Lastly have you thought about doing some research into some of the 
:technologies used in darwin to possibly add even more to you new 
:distribution. This is just a general fish for ideas from people in this 
:group and is not directed at any particular part of darwin.

    It would depend on the technology.  Some things might not mesh well with
    the existing goal set, other things might.
					Matthew Dillon 

:BTW good to see there still people out there who are brave enough to 
:break away from the establishment, roll up there sleeves and break some 
:stuff in the name of learning and innovation.
:Mark Wolfe
:Hammond Street Developments

[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]