DragonFly BSD
DragonFly kernel List (threaded) for 2003-07
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: dynamic /bin /sbin

From: Matthew Dillon <dillon@xxxxxxxxxxxxxxxxxxxx>
Date: Sat, 26 Jul 2003 19:14:16 -0700 (PDT)

:> Bosko Milekic wrote:
:> One of the advantages of this approach is that you can do some
:> interesting caching at this level.  The disadvantage is that if this
:> daemon dies, your box is dead in the water.  Considering that this
:> daemon would get more complicated with time (as you add more methods to
:> authenticate), this could be worrisome.  But, either can be made to work.
:Do you mean broadening the authentication API, or adding additional
:authentication sources?
:If the latter: each autentication mechanism is supplied by a
:dynamically-linked "plug-in". Getting an nscd or lookupd to partition -
:ie, sandbox - unstable plugins is a bit more work, but still doable.
:The point about libc containing a "fallback" mechanism is precisely so
:that a failure of lookupd won't leave the box _completely_ dead in the
:jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/

    I would say we definitely want to keep a fallback mechanism in
    libc... a simple spwd (e.g. master.passwd) mechanism ought to be

    I really hate the idea of using dynamically linked plug-ins for
    authentication, at least when used with standard applications.
    I think it's disaster waiting to happen.  It might be reasonable 
    to use plug-ins for a port service based authentication daemon
    since that is a far more controlled situation.

					Matthew Dillon 

[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]