From: Richard Coleman <richardcoleman@mindspring.com>
Organization: Critical Magic, Inc.
Date: Sat, 29 Nov 2003 00:33:43 -0500
To: Dag-Erling Smørgrav
Cc: "Jacques A. Vidrine", freebsd-current@freebsd.org
Subject: Re: NSS and PAM

Dag-Erling Smørgrav wrote:

> NSS itself doesn't make much sense to me; it's an elaborate hack
> designed to drag all those nice shiny directory services down in the
> mud where struct passwd has been wallowing for the past twenty years,
> instead of allowing applications to take advantage of their superior
> functionality.
>
> As for PAM, a lot of what's wrong with it today could be fixed by
> redesigning it to include directory services. If you fixed the
> conversation system (by formalizing service function execution as an
> FSM) and cleaned up the configuration syntax, you'd end up with
> something quite nice.
>
> DES

Replacing passwd/group/NSS/PAM/whatever with a real database or directory backend is a kind of holy grail for Unix that's been discussed for many years. I would love to see it happen. But I doubt it could ever happen within a collaborative project like FreeBSD, since it would be impossible to get enough people to agree upon the innumerable small details. I don't want to sound so pessimistic, but I think that's just a reality of group projects.

I think this is part of the reason that many people are passionate about the dynamic library implementation of PAM/NSS. We realize that the odds are very high that the alternatives will be endlessly discussed, but never implemented. Since this is a feature that many of us really need, we prefer the less than perfect but existing implementation to the perfect, but never implemented solution.

This discussion has really reminded me of the classic paper by Richard Gabriel on "Lisp: Good News, Bad News, How to Win Big". This is one of the best essays on the "Worse is Better" phenomenon.

http://www.ai.mit.edu/docs/articles/good-news/good-news.html
http://www.dreamsongs.com/WorseIsBetter.html

Richard Coleman
richardcoleman@mindspring.com