Re: pkg/49804

[Havard Eidnes <he%NetBSD.org@localhost>]

The following reply was made to PR pkg/49804; it has been noted by GNATS.

From: Havard Eidnes <he%NetBSD.org@localhost>
To: bsiegert%gmail.com@localhost
Cc: gnats-bugs%NetBSD.org@localhost, pkg-manager%netbsd.org@localhost, gnats-admin%netbsd.org@localhost,
 pkgsrc-bugs%netbsd.org@localhost, ef%math.uni-bonn.de@localhost, ftigeot%wolfpond.org@localhost
Subject: Re: pkg/49804
Date: Sun, 02 Jul 2017 18:58:55 +0200 (CEST)

 >>> I noticed that pkgsrc-wip already contained a package for nss-pam-l=
 dap.
 >> When I looked at it three years ago, that could only possibly work o=
 n Linux.
 > =
 
 > It looks like he@ (Havard Eidnes) is actually maintaining the
 > package in wip (into which I merged your changes) and has updated it
 > to the latest version. I propose handing this over to him to
 > decide. My proposal is to import as is after the freeze (see below).
 
 Sounds good, and I'm not possessive about the maintainership.  I have
 at least an existence proof that the version I updated to also works
 on NetBSD, with the patches in the package (I seem to recall porting
 them over from the earlier version).  (Not sure those patches are
 portable to e.g. FreeBSD using pkgsrc, though...)
 
 >>> but it is a single package including the NSS module, the PAM
 >>> module and the daemon.
 >> The point of going into the trouble of splitting it up (as
 >> discussed on tech-pkg in december, 2013) was that almost every
 >> combination of the components makes sense: You may want to stick
 >> with nss_ldap, but switch to nss-pam-ldapd-pam (or vice versa) You
 >> may want PAM, but not NSS (or vice versa) You may event want a
 >> client, but not the server because OpenLDAP has an overlay
 >> (slapo-nssov, which is still in my queue of needing to be
 >> pkgsrc-ed) speaking the same protocol.
 >>
 >> So I think three separate packages do make sense. At least for me.
 >
 > In general, there is nothing wrong with having all the stuff in one
 > package. Merely installing a PAM and/or NSS library does not mean
 > that you are going to use it. In both cases, you need to edit a
 > configuration file to enable them.
 
 Right.  I, for one, appreciated the integration, and operationally the
 ability to re-authenticate with cached information even if the ldap
 server is down or otherwise inaccessible.  This package doesn't
 actually contain an ldap server (but you all knew that already, I
 suppose).
 
 I seem to recall I had trouble finding out how to fit the pieces
 together, not sure where an example could be provided.
 
 Regards,
 
 - H=E5vard