Date:      Sat, 29 Nov 2003 02:45:24 +0100
From:      des@des.no (Dag-Erling Smørgrav)
To:        "Jacques A. Vidrine" <nectar@FreeBSD.org>
Cc:        freebsd-current@freebsd.org
Subject:   Re: NSS and PAM
Message-ID:  <xzpbrqw7xsb.fsf@dwp.des.no>
In-Reply-To: <20031129011334.GC88553@madman.celabo.org> (Jacques A. Vidrine's message of "Fri, 28 Nov 2003 19:13:34 -0600")
References:  <20031129011334.GC88553@madman.celabo.org>

"Jacques A. Vidrine" <nectar@FreeBSD.org> writes:
> Interesting.  Explain, please.  (Maybe privately or in another thread;
> hate to keep this'n going.)  Perhaps you mean that it is a design flaw
> that two APIs are required.  If so, I happen to disagree; I think that
> the separation of directory services and authentication is appropriate
> and necessary.

No, the two are essentially one.  We just think they aren't because
we've been brainwashed to think of users in terms of uids and gids and
especially struct passwd, which deserves to die.

NSS itself doesn't make much sense to me; it's an elaborate hack
designed to drag all those nice shiny directory services down in the
mud where struct passwd has been wallowing for the past twenty years,
instead of allowing applications to take advantage of their superior
functionality.

As for PAM, a lot of what's wrong with it today could be fixed by
redesigning it to include directory services.  If you fixed the
conversation system (by formalizing service function execution as an
FSM) and cleaned up the configuration syntax, you'd end up with
something quite nice.

DES
-- 
Dag-Erling Smørgrav - des@des.no


