mailing list of musl libc
From: Rich Felker <dalias@libc.org>
To: Florian Weimer <fweimer@redhat.com>
Cc: Jesse Hathaway <jesse@mbuki-mvuki.org>,
	musl@lists.openwall.com, Arjun Shankar <arjun@redhat.com>,
	Carlos O'Donell <carlos@redhat.com>
Subject: Re: [musl] Plans to remove nscd in Fedora
Date: Tue, 3 Nov 2020 10:41:05 -0500
Message-ID: <20201103154104.GV534@brightrain.aerifal.cx>
In-Reply-To: <87blgeerlg.fsf@oldenburg2.str.redhat.com>

On Tue, Nov 03, 2020 at 10:07:23AM +0100, Florian Weimer wrote:
> * Rich Felker:
> 
> > Thanks for filling me in on the status of this. Perhaps
> > https://github.com/pikhq/musl-nscd (not part of musl, but by a
> > long-time contributor) would be a useful basis for building a
> > replacement glibc systems could use too?
> 
> There is also unscd: <https://busybox.net/~vda/unscd/>
> It covers fewer maps, though.
> 
> For a full solution, we would need something that can deal (correctly)
> with the shadow database.  That's currently always in-process because we
> rely on the permissions of the calling process.

Shadow was discussed when this was written, and was deemed outside the
scope for the intended goal of enabling access to centralized user
databases. As far as we could tell (at least as I remember), existing
systems aren't using shadow this way, and if passwords are being
centrally managed at all (and if they're used at all), they could just
be distributed through getpw*() only to authorized clients. Still,
shadow support could be useful for alternate local backends (like the
tcb shadow support musl has internally, or shadow-in-homedir).

The bigger omission is probably hosts and all the other obscure
databases. musl does not use nscd protocol for hosts because dns was
deemed a better existing protocol for bridging hostname lookups to
arbitrary backends, and the nscd protocol was deemed deficient for
offering additional functionality beyond what dns could offer (e.g. it
can't represent scope ids for link-local results).

Rich
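
The scope-id limitation mentioned in the message above, as an added example that is not part of the original post and is not musl or nscd code. The `addr_record` layout is a simplified assumption (family, length and raw address bytes, as in `struct hostent`), and the address and scope values are constructed.

```c
/* Added illustration. addr_record is a hypothetical hostent-style entry,
 * not the nscd wire format: it has no per-address scope field. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>

struct addr_record {
    int family;                 /* AF_INET6 */
    int length;                 /* 16 for IPv6 */
    unsigned char bytes[16];    /* in6_addr only */
};

/* Build the full resolver result for a scoped address (sample values). */
int make_scoped(const char *text, unsigned scope, struct sockaddr_in6 *out)
{
    memset(out, 0, sizeof *out);
    out->sin6_family = AF_INET6;
    out->sin6_scope_id = scope;
    return inet_pton(AF_INET6, text, &out->sin6_addr) == 1 ? 0 : -1;
}

/* Cache side: only the 16 address bytes fit in the record. */
void to_record(const struct sockaddr_in6 *sa, struct addr_record *r)
{
    r->family = AF_INET6;
    r->length = sizeof sa->sin6_addr;
    memcpy(r->bytes, &sa->sin6_addr, sizeof r->bytes);
}

/* Client side: rebuild a sockaddr from the record. */
void from_record(const struct addr_record *r, struct sockaddr_in6 *sa)
{
    memset(sa, 0, sizeof *sa);
    sa->sin6_family = r->family;
    memcpy(&sa->sin6_addr, r->bytes, sizeof sa->sin6_addr);
    /* sin6_scope_id stays 0: the record had nowhere to carry it. */
}

/* 1 if a link-local address lost its scope id, 0 if not, -1 on bad input. */
int scope_lost(const char *text, unsigned scope)
{
    struct sockaddr_in6 in, out;
    struct addr_record r;
    if (make_scoped(text, scope, &in) != 0) return -1;
    to_record(&in, &r);
    from_record(&r, &out);
    return IN6_IS_ADDR_LINKLOCAL(&out.sin6_addr) &&
           in.sin6_scope_id != 0 && out.sin6_scope_id == 0;
}
```

A link-local destination that comes back with `sin6_scope_id` set to 0 no longer identifies which interface it belongs to, which is the information an address-bytes-only reply cannot carry.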
