dynamic /bin /sbin
Matthew Dillon
dillon at apollo.backplane.com
Sat Jul 26 19:16:19 PDT 2003
:> Bosko Milekic wrote:
:>
:> One of the advantages of this approach is that you can do some
:> interesting caching at this level. The disadvantage is that if this
:> daemon dies, your box is dead in the water. Considering that this
:> daemon would get more complicated with time (as you add more methods to
:> authenticate), this could be worrisome. But, either can be made to work.
:
:Do you mean broadening the authentication API, or adding additional
:authentication sources?
:
:If the latter: each autentication mechanism is supplied by a
:dynamically-linked "plug-in". Getting an nscd or lookupd to partition -
:ie, sandbox - unstable plugins is a bit more work, but still doable.
:
:The point about libc containing a "fallback" mechanism is precisely so
:that a failure of lookupd won't leave the box _completely_ dead in the
:water.
:
:--
:jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
I would say we definitely want to keep a fallback mechanism in
libc... a simple spwd (e.g. master.passwd) mechanism ought to be
sufficient.
I really hate the idea of using dynamically linked plug-ins for
authentication, at least when used with standard applications.
I think it's disaster waiting to happen. It might be reasonable
to use plug-ins for a port service based authentication daemon
since that is a far more controlled situation.
-Matt
Matthew Dillon
<dillon at xxxxxxxxxxxxx>
More information about the Kernel
mailing list