On Wed, 2006-Aug-23 15:55:23 -0500, Brooks Davis wrote: > Having authentication functions outside the base makes them >more vulnerable to configuration problems and general library cross >threading. Can you explain what you mean here. Having a single OpenLDAP, nss_ldap etc in ports would seem to have less scope for misconfiguration than having one version in the base system and a slightly different version in ports. There are already a number of authentication modules in ports that don't seem to cause serious problems. > It also means they can't work out of the box. I disagree. X11 and perl are both ports that work out-of-the-box. There's no reason why OpenLDAP can't be a port on CD1 - which makes it fairly transparent to users. > I think the >costs are likely fairly small (no worse than those associated with >OpenSSL) and the benefits are substantial. As one of the majority who don't need LDAP authentication, I don't see any benefits to me. IMHO, FreeBSD should move towards a more modular system - a minimal base with most of the functionality in optional packages (or ports). Removing uucp, games and perl are steps in this direction. I believe there should be a very high bar on the import of functionality that is already available in ports. All the above said, I agree that if OpenLDAP is imported, it should be built by default. -- Peter Jeremy
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:59 UTC