DragonFly 3.4 release planning
Samuel J. Greear
sjg at evilcode.net
Sat Mar 30 13:18:46 PDT 2013
On Sat, Mar 30, 2013 at 12:25 PM, Matthew Dillon <
dillon at apollo.backplane.com> wrote:
>
> :> Binaries in /bin and /sbin are compiled statically, which makes them
> unusable
> :> with NSS modules.
> :> This is IMHO the biggest remaining issue with this release.
> :
> :Just curious - hasn't this been the case for some time?
> :And if so / not - why did this become an issue for you now?
> :
> :Not taking one side or another, just wondering about more background info,
> :though I do seem to recall a rather strong position taken *against*
> :dynamic /bin /sbin in this project when FreeBSD switched to dynamic
> :builds in the freebsd ~6.x-7.x era
> :
> :Cheers,
> :
> :- Chris
>
> I think I'm the only one who is really against making /bin and /sbin
> dynamic. I feel kinda silly standing on top of the hill holding up
> the red flag :-(.
>
> I really hate the concept of a /rescue. I could live with a nullfs
> overloading of /bin and /sbin, but so far nobody (including I) has
> thought up a good clean way to do it and still have the safety of
> static binaries in single-user mode.
>
> -Matt
> Matthew Dillon
> <dillon at backplane.com>
>
For the record, both Sascha and I are against it as well.
I think the cleanest solution is to compile in a pam module to kick auth
requests to an auth daemon that is capable of loading nss modules (or even
other pam modules). That said, I have neither verified that this is
absolutely possible within the constraints of the NSS API, nor do I intend
to be the one doing the work, not having any pressing need for NSS myself.
Sam
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dragonflybsd.org/pipermail/kernel/attachments/20130330/03cb78fe/attachment-0003.htm>
More information about the Kernel
mailing list