PAM-NTDOM: Compile Errors

[Richard Sharpe]

At 11:47 AM 7/9/00 +1000, Gerald Carter wrote:
>Paul,
>
>Paul J Collins wrote:
>> 
>> In this scenario, login is similar to WINLOGON.EXE, 
><snip>
>
>Nice analogies.
>
>> Fine, but the architecture of NT's security systems 
>> in not automatically bad and invalid, just because 
>> it happens to belong to NT.
>
>I never meant to imply that it was.  Let me give a 
>bit of history here.  Luke and I (and others) have over 
>the months and years had discussions over issues 
>similar to this.  Luke has in the past wanted to make 
>UNIX into NT in every aspect.  Not necessarily from a
>services point of view, but from an architectural 
>point of view.  
>
>I disagree.  Not that I think one is better than the 
>other.  I simply think Samba is an interoperability tool,
>and not an operating system.

The heart of the matter seems to be the argument between Andrew and Luke
over how to structure Samba.  Luke seems to prefer a process-ful approach
that mirrors NT's approach. Andrew appears to prefer a shared-library-ful
approach that is more like PAM or nsswitch in concept.  

There are advantages to both, but the advantages of Luke's approach are
mainly felt by developers. System administrators care more about complexity
of configuration and management.  The shared-library-ful approach has
advantages that many administrators will prefer, IMO. Less processes to
worry about and check that they are running and so forth.

>This is probably capped off with having to merge 
>rpcclient from TNG into HEAD at the moment has 
>rather irratated me. ;-)

It has clearly affected your spelling as well :-)

>> NT and Unix have many features in common; too many to 
>> list here.  They also have plenty of differences.  
>> Not everything in Unix is good, and not everything in 
>> NT is bad.  Very general, I know, but so was your
>> statement.
>
>My previous statements led to misinterpretation.  I 
>have never said NT is bad.  I apologize. :-)

Oh, I dunno, I find the statement "NT is bad, Linux is good" has a lot of
appeal :-)

>>     Gerald> If you didn't need netlogond and lsarpcd before,
>>     Gerald> someone give me a **technical** reason why you
>>     Gerald> need them now.
>> 
>> I'm sure Luke could do that; I know very little 
>> about pam_ntdom.
>
>Here is what it comes down to.  I think this was 
>a non necessary change that had no basis in technical 
>issues.  

See above.

>Please, someone jump in and correct me if I'm an 
>wrong.  I have no pride.  If I'm wrong, then I'm wrong.
>
>> Looks like administrators will have to learn 
>> something new, something they do every day of 
>> their lives.
>
>ok.  Let's ask the admins.  How many people think 
>that having to run netlogond and lsarpcd in order
>to use pam_ntdom is a good idea?  Please send 
>me private mails and I will tally the results.
>No need to clutter the list.

I think that having lots of extra daemons will make life more difficult for
admins.

>IMO these are the two important issues to focus on:
>
>- top priority: was the changed needed in order 
>  to provide a higher or enhanced level of 
>  service or quality?
>
>- do sysadmins care about having to install another
>  running service in order to use pam_ntdom
>  (which was previously unnecessary)?  If those people
>  who use it frequently don't care, why should I 
>  raise the issue.

This increases the complexity for administrators, which means that even
clearer documentation must be written.  No one seems willing to do the
documentation, so I would suggest that we not increase the complexity like
this.

>arguments about "That is the way NT does it" do 
>not count.


Regards
-------
Richard Sharpe, sharpe at ns.aus.com
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Co-author, SAMS Teach Yourself Samba in 24 Hours
Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course
Author: First Australian 2-day, intensive, hands-on Samba course