[proof of concept] libwbclient.so

Gerald (Jerry) Carter jerry at samba.org
Tue Sep 4 17:34:34 GMT 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

simo wrote:

>> I believe that you are simply confusing policy and mechanism. 
> 
> I disagree here.
> The whole pam_winbindd/winbindd are beyond the PAM interface 
> (the mechanism) anyway. You can decide to put the policy
> in the library PAM loads or you can put it into winbindd.
> There is really no much difference from what I can see
> form the mechanism POV.

The entire reason for PAM is to allow an administrator the
ability to define policy.  but you are not willing to allow
a PAM developer to use define their own policy.

> There is instead a difference on performance and control. If 
> you put the decision in winbindd you can have less round-trips
> and less information going around, you can also have more
> control in winbindd as talking with a daemon is much easier
> then talking to config files/libraries (delegation,
> automation, etc...).

This is about the same as the argument to not support kernel
modules.  Or run time linking.  Show me numbers.  Prove to
me that the performance issues you are championing are real
in practice and make a difference.

> Also, after experience with other ugly pam/nss modules, I am 
> a firm believer that the less you put in the user's
> process space the better.

Again I"ll refer to "winbind use default domain" and mention
that all of that could have been fixed in the PAM/NSS space.

Sorry, but it appears that you and I will just not agree.
So I'll just continue working on my own patch and we'll
take a vote when it's done.




cheers, jerry
=====================================================================
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG3ZcPIR7qMdg1EfYRAhE7AKDKzyCiaT/7kjxeFyg9UWMMn7g9zgCg66rA
W1f3W1eOEVt7osAr3EQDXbE=
=fx+X
-----END PGP SIGNATURE-----

More information about the samba-technical mailing list