Subject: Re: PAM
To: None <current-users@netbsd.org>
From: Greg A. Woods <woods@weird.com>
List: current-users
Date: 09/26/2002 20:17:26
[ On Thursday, September 26, 2002 at 19:54:31 (-0400), Dan Melomedman wrote: ]
> Subject: Re: PAM
>
> Greg A. Woods wrote:
> > > But this is a place where dynamic linking actually makes lots of sense.
> > 
> > Huh?  No, not really.  There is absolutely zero benefit to such dynamic
> 
> Linking to shared libraries, not loading them with dlopen() (though this
> may not be possible at all), etc. I still don't think linking an LDAP 
> library into -lc is a good idea. You automatically bloat everything with this.

Have you not looked at what's there by default, now, today?  Libc and
all kinds of other things are already bloated (and full of additional
unnecessary risks) anyway unless you add these to /etc/mk.conf and
rebuild the world:

	# Things we'll never use that add loads of code:
	MKHESIOD=no
	MKKERBEROS=no
	MKSKEY=no
	MKYP=no

(these are recent options added to -current and are in 1.6)

Adding LDAP client code is no biggie, especially if you pull out the
other stuff that you won't need.

Unix components have become even more integrated now that there are more
of them, but that's the price we pay for complexity and flexibility.

If you don't use HESIOD or NIS/YP, then why compile it and load it and
have to trip past all the run-time decision points for it?

However if you do use LDAP instead of, or in addition to, /etc/passwd
then you do need it in libc -- getpw*() need it and you'll be wasting
what adds up to enormous resources if you don't link it in directly
since you'll be going through all the extra effort of dynamically
loading it over and over and over again forever.

-- 
								Greg A. Woods

+1 416 218-0098;            <g.a.woods@ieee.org>;           <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>