Subject: Re: LONG - Re: /rescue, crunchgen'ed?
To: Bill Studenmund <wrstuden@netbsd.org>
From: sudog <sudog@sudog.com>
List: current-users
Date: 08/30/2002 16:25:06
> > Mm.. just to point something out here: what percentage of our total
> > userbase actually has (or even intends to use) a smartcard or
> > hardware-based authentication device? And what makes you think that the
> > drivers for smartcard or hardware-based authentication are going to be
> > anything but one-offs for the people who use them?
> 
> Numbers? Probably small. Value to users who need? Probably large.
> 
> What does one-offedness of drivers have to do with this?

The point is that if they need this form of authentication and are building a 
custom tool anyway, then why do they need a framework? Let them build it 
directly into the source. It's not much more work than building something 
custom anyway.

Seems like you're talking about a lot of work for such a tiny group of users. 
Smells like special interest groups and outside pressure to me.

> ?? Do you realize your comments whcih seem to be anti-module are actually
> part of why we want to do it?
> 
> Yes, vendors may well NOT want to release source for auth modules. By
> supporting binary modules, they won't have to.

Are there so many vendors who want to implement auth modules? Who? Who's 
pushing for it? Are you building a framework for a need that isn't even being 
expressed yet? Or are people pressuring for it privately? If so, tell us: 
"Fifteen vendors in the last four months have expressed an interest in being 
able to build hardware auth modules into init."

Or are you trying to attract vendors? Away from who? Linux? Good luck!

Otherwise it's just speculation isn't it? After all, it works well for the 
rest of us. Are you trying to say that we'll benefit from Linux module 
vendors if we can give them something they don't even have to recompile for? 
Fair enough. Say so--"We're building Linux facilities and a primarily 
Linux-based API into NetBSD."

All I'm saying is that this particular reason is a bad one. Locale? Good 
reason. Easily upgradeable? Good reason. Network/database auth mechanisms? 
Okay reason. External hardware auth? Really bad reason.

I'm not arguing against binary modules. I'm just pointing out that hardware 
auth mechanisms will do nothing for us. Unless there's already a deal 
happening that's paying for this perhaps?

> No, the future we want to open is binary-only add-ons to NetBSD. While I
> don't know how many auth modules will be covered, I know without this
> change, NONE will.

So you are trying to open NetBSD to a wider and apparently theoretical 
audience then and hoping to garner support from..  who, again?