From: des@des.no (Dag-Erling Smørgrav)
To: "Jacques A. Vidrine"
Cc: freebsd-current@freebsd.org
Subject: Re: NSS and PAM
Date: Sat, 29 Nov 2003 02:45:24 +0100
In-Reply-To: <20031129011334.GC88553@madman.celabo.org> (Jacques A. Vidrine's message of "Fri, 28 Nov 2003 19:13:34 -0600")

"Jacques A. Vidrine" writes:
> Interesting. Explain, please. (Maybe privately or in another thread;
> hate to keep this'n going.)
> Perhaps you mean that it is a design flaw
> that two APIs are required. If so, I happen to disagree; I think that
> the separation of directory services and authentication is appropriate
> and necessary.

No, the two are essentially one. We just think they aren't because we've been brainwashed to think of users in terms of uids and gids and especially struct passwd, which deserves to die.

NSS itself doesn't make much sense to me; it's an elaborate hack designed to drag all those nice shiny directory services down in the mud where struct passwd has been wallowing for the past twenty years, instead of allowing applications to take advantage of their superior functionality.

As for PAM, a lot of what's wrong with it today could be fixed by redesigning it to include directory services. If you fixed the conversation system (by formalizing service function execution as an FSM) and cleaned up the configuration syntax, you'd end up with something quite nice.

DES
-- 
Dag-Erling Smørgrav - des@des.no