Re: Crypto consolidation in debian ?

On Sun, 2011-05-01 at 14:08 +0100, Roger Leigh wrote:
> If we could move to having a central service, rather than having every
> process load in a pile of extra libraries, I would probably be in
> favour of it.  It would make some things, such as NSS queries inside
> chroots, much more efficient and robust.

This is what nss-pam-ldapd does to replace nss_ldap (NSS part in
libnss-ldapd). It uses a central daemon running as a dedicated user (for
LDAP NSS requests only). The original reason for the creation of
nss-ldapd was that the OpenLDAP libraries are not meant to be in
processes that do not expect them. I guess there are more.

Another solution (that Joss already pointed out) is libnss-sss which has
a slightly broader scope.

I'm not sure that having a central process to read stuff from simple
flat files is a good idea though as it adds extra complexity and a
single point of failure.

-- arthur - adejong@debian.org - http://people.debian.org/~adejong --

