Hi, Kapetanakis Giannis wrote on Sat, Nov 27, 2010 at 02:51:02PM +0200:
> Instead of ypldap I would prefer the system to directly contact the > ldap servers to get user info similar the way nss does, and not > using NIS as an extra layer for ldap. The merit of a daemon like ypldap(8) is that is isolates the small, standardized libc code from whatever arbitrary information retrieval protocol a specific site may choose. > Looking around getpwent(3) I think it might be possible to extend > its functionality to include ldap support as well. I highly doubt that we want to bloat libc by integrating specific protocols for authentication information retrieval, and least of all with something as absurdly heavyweight as LDAP. And i'm not sure whether letting libc call back into user-supplied libraries would be a smart idea, in particular regarding functions a vital as user authentication. That said, i admit that libc RPC and YP code is not that small, not that standardized, and not that pretty. But building an additional system alongside it inside libc will not improve the situation. I feel unable to judge the consequences of replacing it with something cleaner and simpler; in any case, that would be a large and complex task. Oh, and of course YP functionality must be preserved. People are using it. Yours, Ingo
