dynamic /bin /sbin

Matthew Dillon dillon at apollo.backplane.com
Sat Jul 26 19:16:19 PDT 2003


:> Bosko Milekic wrote:
:>
:> One of the advantages of this approach is that you can do some
:> interesting caching at this level.  The disadvantage is that if this
:> daemon dies, your box is dead in the water.  Considering that this
:> daemon would get more complicated with time (as you add more methods to
:> authenticate), this could be worrisome.  But, either can be made to work.
:
:Do you mean broadening the authentication API, or adding additional
:authentication sources?
:
:If the latter: each authentication mechanism is supplied by a
:dynamically-linked "plug-in". Getting an nscd or lookupd to partition -
:ie, sandbox - unstable plugins is a bit more work, but still doable.
:
:The point about libc containing a "fallback" mechanism is precisely so
:that a failure of lookupd won't leave the box _completely_ dead in the
:water.
:
:-- 
:jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/

    I would say we definitely want to keep a fallback mechanism in
    libc... a simple spwd (e.g. master.passwd) mechanism ought to be
    sufficient.

    I really hate the idea of using dynamically linked plug-ins for
    authentication, at least when used with standard applications.
    I think it's a disaster waiting to happen.  It might be reasonable
    to use plug-ins for a port service based authentication daemon
    since that is a far more controlled situation.

					-Matt
					Matthew Dillon 
					<dillon at xxxxxxxxxxxxx>
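
The fallback arrangement discussed in this thread, as an added C sketch (not code from the thread or from any libc): the resolver asks a lookup daemon first and drops to a static master.passwd-format file when the daemon cannot be reached. The socket protocol, the paths and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Hypothetical daemon protocol (an assumption): send NUL-terminated name, read "uid\n". */
static int daemon_lookup(const char *sock, const char *name, long *uid) {
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    char buf[64], *end;
    ssize_t n;
    int fd, ok = -1;
    if (strlen(sock) >= sizeof(sa.sun_path)) return -1;
    strcpy(sa.sun_path, sock);
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) return -1;
    if (connect(fd, (struct sockaddr *)&sa, sizeof(sa)) == 0 &&
        send(fd, name, strlen(name) + 1, MSG_NOSIGNAL) > 0 &&
        (n = read(fd, buf, sizeof(buf) - 1)) > 0) {
        buf[n] = '\0';
        *uid = strtol(buf, &end, 10);
        if (end != buf) ok = 0;          /* daemon returned a number */
    }
    close(fd);
    return ok;                           /* -1: daemon dead or gave no usable answer */
}

/* Static fallback: the uid is field 3 of a master.passwd-style line. */
static int file_lookup(const char *path, const char *name, long *uid) {
    char line[512], *p, *end;
    size_t len = strlen(name);
    FILE *fp = fopen(path, "r");
    if (fp == NULL) return -1;
    while (fgets(line, sizeof(line), fp) != NULL) {
        if (strncmp(line, name, len) != 0 || line[len] != ':') continue;
        if ((p = strchr(line + len + 1, ':')) == NULL) continue;  /* skip password field */
        *uid = strtol(p + 1, &end, 10);
        if (end != p + 1 && *end == ':') { fclose(fp); return 0; }
    }
    fclose(fp);
    return -1;
}

/* 0 = daemon answered, 1 = fallback file answered, -1 = unknown or invalid user. */
int lookup_uid(const char *sock, const char *path, const char *name, long *uid) {
    /* Reject names that could smuggle a field or line separator into either source. */
    if (*name == '\0' || strpbrk(name, ":\n") != NULL) return -1;
    if (daemon_lookup(sock, name, uid) == 0) return 0;
    return file_lookup(path, name, uid) == 0 ? 1 : -1;
}
```

A daemon that accepts the connection but never replies would still block the caller here; a receive timeout on the socket is needed before the fallback covers a hung daemon as well as a dead one.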




