DragonFly BSD
DragonFly kernel List (threaded) for 2003-07
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: packaging system

From: Robert Garrett <rg70@xxxxxxxxxxxxx>
Date: Sun, 20 Jul 2003 20:06:36 -0500

Matthew Dillon wrote:

> :Gday all,
> :
> :Just a couple of questions.
> :
> :Has anyone got any ideas on what you are envisioning for the packaging
> :system of dragonfly. I have used FreeBSDs ports, debians dpkg and Osx's
> :fink for a bit and I am interested in software distribution and update
> :systems. I would be happy to begin looking into a helping with a higher
> :level design or even just happy to help compile peoples ideas for web
> :content.
>     I have a basic idea of what I would like to see, and how it could be
>     accomplished.  I discuss it somewhat in the Goals section of the
>     site.
> :Also what are your thoughts of NSS switch.. are you planning to
> :integrate this feature into dragonfly? I am a stalwart supporter of the
> :move to ldap as the core of an os's AAA model.
>     Well, I don't know enough about NSS switch to comment on it.  I do
>     know what I want to see for authentication and that is a port
>     service... a user level daemon, which takes and responds to requests
>     from processes
>     for user, group, and other authentication info.  e.g. it would run the
>     password crypt check too, and would be able to ask for (opaque to it)
>     config files and environment variables from the requesting client in
>     order to resolve things like ssh keys, kerberos, and so forth.  It
>     would deal with NIS or other over-the-network authentication systems
>     as well.
>     All of that would be invisible to the requesting client.  I
>     really dislike having to compile authentication support into every
>     program
>     in the system, even if it is in DLL form (like PAM.  I really hate
>     PAM).
>     e.g., the conversation would go something like this:
>     program: help, I need to authenticate 'charlie'!  I have the following
>     pieces of opaque data:
> - Something called a ssh2_public_key, whatever that is
> - Something called ORIGINATING_IP, whatever that is
>     service: send me your ~/.rhosts, ~/.shosts, ~/.ssh/authorized_keys
>     file please.
>     program: I only have ~/.shosts and ~/.ssh/... here ya go.
>     service: that's good enough, your authenticated for the following
>     (opaque) capabilities: (list of opaque capabilities)
>     program: Thanks!  I have no idea what these capabilties are but I'll
>     hand
>     them out (one could be related to ssh that ssh understands.  If this
>     program is ssh then it will understand the ssh-related capabilities).
>     And so on and so forth.
> :Lastly have you thought about doing some research into some of the
> :technologies used in darwin to possibly add even more to you new
> :distribution. This is just a general fish for ideas from people in this
> :group and is not directed at any particular part of darwin.
>     It would depend on the technology.  Some things might not mesh well
>     with the existing goal set, other things might.
> -Matt
> Matthew Dillon
> <dillon@xxxxxxxxxxxxx>
> :BTW good to see there still people out there who are brave enough to
> :break away from the establishment, roll up there sleeves and break some
> :stuff in the name of learning and innovation.
> :
> :Regards,
> :
> :Mark Wolfe
> :Hammond Street Developments
There are the beginnings of nsswitch in RCng.


[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]