Subject: Re: RFC: migration to a fully dynamically linked system
To: None <>
From: sudog <>
List: tech-userlevel
Date: 12/21/2001 09:27:31
On Friday 21 December 2001 07:20, Matthias Buelow wrote:
> Greywolf writes:
> >It's also not clear what going full ldd really buys us.  LDAP doesn't
> >qualify since there are third-party open-source versions.
> >
> >The way it is now is not broken -- please don't fix it.
> I'd greatly appreciate a flexible PAM(-like) scenario, tho..  the
> way authentication is ATM is a bit unsatisfactory, IMHO.  Some kind
> of PAM daemon which is dynamically linked and which organizes
> loading of modules and to which statically linked programs connect
> via IPC would be ok, also... that way static binaries could fallback
> to traditional stuff if the pam daemon is not available (due to
> hosed libraries or whatever.)  That method would be more elegant
> than each program loading the respective modules itself via a
> pam library, even, and is a lot more failsafe.

PAM is a raging, stinking, rotting, festering pile of burning garbage and 
has been so in the implementations I've seen. (About three so far.) Search 
the mail list archives (via google, the normal NetBSD archive search 
mechanism is dead, looks like) for PAM and you'll see how some others view 
it as well.

Personally, I'm not in favour of any modifications to our linking strategy 
just so authentication can be concentrated into PAM-style modules. If 
someone does decide to "Go That Way" (and I hope you don't) then please 
don't consider PAM in your decision. I have no control over the code so 
the best I can do is voice my opinion, and here I am.