packaging system
Robert Garrett
rg70 at sbcglobal.net
Sun Jul 20 18:06:36 PDT 2003
Matthew Dillon wrote:
>
> :Gday all,
> :
> :Just a couple of questions.
> :
> :Has anyone got any ideas on what you are envisioning for the packaging
> :system of dragonfly. I have used FreeBSDs ports, debians dpkg and Osx's
> :fink for a bit and I am interested in software distribution and update
> :systems. I would be happy to begin looking into a helping with a higher
> :level design or even just happy to help compile peoples ideas for web
> :content.
>
> I have a basic idea of what I would like to see, and how it could be
> accomplished. I discuss it somewhat in the Goals section of the
> site.
>
> :Also what are your thoughts of NSS switch.. are you planning to
> :integrate this feature into dragonfly? I am a stalwart supporter of the
> :move to ldap as the core of an os's AAA model.
>
> Well, I don't know enough about NSS switch to comment on it. I do
> know what I want to see for authentication and that is a port
> service... a user level daemon, which takes and responds to requests
> from processes
> for user, group, and other authentication info. e.g. it would run the
> password crypt check too, and would be able to ask for (opaque to it)
> config files and environment variables from the requesting client in
> order to resolve things like ssh keys, kerberos, and so forth. It
> would deal with NIS or other over-the-network authentication systems
> as well.
> All of that would be invisible to the requesting client. I
> really dislike having to compile authentication support into every
> program
> in the system, even if it is in DLL form (like PAM. I really hate
> PAM).
>
> e.g., the conversation would go something like this:
>
> program: help, I need to authenticate 'charlie'! I have the following
> pieces of opaque data:
>
> - Something called a ssh2_public_key, whatever that is
> - Something called ORIGINATING_IP, whatever that is
>
> service: send me your ~/.rhosts, ~/.shosts, ~/.ssh/authorized_keys
> file please.
>
> program: I only have ~/.shosts and ~/.ssh/... here ya go.
>
> service: that's good enough, your authenticated for the following
> (opaque) capabilities: (list of opaque capabilities)
>
> program: Thanks! I have no idea what these capabilties are but I'll
> hand
> them out (one could be related to ssh that ssh understands. If this
> program is ssh then it will understand the ssh-related capabilities).
>
> And so on and so forth.
>
> :Lastly have you thought about doing some research into some of the
> :technologies used in darwin to possibly add even more to you new
> :distribution. This is just a general fish for ideas from people in this
> :group and is not directed at any particular part of darwin.
>
> It would depend on the technology. Some things might not mesh well
> with the existing goal set, other things might.
>
> -Matt
> Matthew Dillon
> <dillon at xxxxxxxxxxxxx>
>
>
> :BTW good to see there still people out there who are brave enough to
> :break away from the establishment, roll up there sleeves and break some
> :stuff in the name of learning and innovation.
> :
> :Regards,
> :
> :Mark Wolfe
> :Hammond Street Developments
There are the beginnings of nsswitch in RCng.
Rob
More information about the Kernel
mailing list