On Thu, 2009-10-22 at 11:56 +0800, Christopher Chan wrote:
> > It doesn't matter how much work is involved. Do you think the
> > Linux/Ubuntu community would be willing to change the way system
> > logons work if it meant bug #1 could be completed?
>
> Let us see. To change the way system logons work would mean changing
> pam, the C library and just about anything that has to do with system
> accounts. You are welcome to try to convince the Ubuntu community to
> maintain a fork of all these essential system libraries and offer some
> form of backwards compatibility to avoid having to also modify who
> knows how many other packages like sendmail, apache,
> bind, ..., ..., ..., everything.

You guys need to step back a bit. There's absolutely no reason whatever that this _feature_ cannot be implemented on UNIX/Linux. Yes, obviously the _implementation_ that relies on changing the UID/GID scheme is a complete non-starter and cannot even be considered. There's no chance that anyone "upstream" will be willing to break that behavior and as you say, Ubuntu cannot essentially rewrite the entire GNU/Linux operating system to do away with it (don't forget that UID/GID is heavily embedded in the kernel, too, so Ubuntu would have to rework the kernel itself extensively). If this is Ryan's question then the answer is definitely no, not even if it meant bug #1 could be completed.

Let's all remember our goal here is NOT to beat Microsoft by becoming a free version of Windows. Our goal is to produce a better product, while still staying true to the UNIX roots and philosophy (which we believe will lead to better software).

However, luckily for us we do not HAVE to change or do away with UID/GID in order to implement automatic joins of a workstation. There's absolutely no reason that user "paul.smith" cannot have UID 1000 on one system and UID 2000 on another system: you just need to implement a mapping mechanism.

But there are so many things to be considered before you even get here that impact directly on this. For example, obviously security is critical and so you'll need a secure way to do AAA. How do you add users? How do users authenticate? Etc. etc. All critical questions. Most likely you will need to base this on Kerberos, just because there's nothing else out there with the requisite features + security, that I know of anyway.

Once you have that figured out you must end up with some secure token which represents a user that you can present to other systems as proof of identity. Then all you have to do is have each host map that token to a locally relevant UID/GID. UID/GID cannot be used between hosts, anyway, in any secure fashion. That's just one idea.

I'm certainly NOT saying it's not a lot of work. I'm saying that it can be done, and it doesn't require throwing out 30+ years of UNIX/POSIX history to do it, so let's not dismiss the big idea based only on one possible bad implementation.

--
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
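
The per-host mapping idea in the message above, as an added example that is not part of the original post or of any Ubuntu code: each host keeps its own table from an already-authenticated principal to a local UID/GID. The `HostIdMap` class, the `user@REALM` principal shape, the UID ranges and the in-memory table are all assumptions made for illustration, and verifying the token (Kerberos, as the message suggests) is assumed to have happened before `lookup()` is called.

```python
import re

# Assumed principal shape for this sketch: user@REALM (no instance component).
_PRINCIPAL = re.compile(r"[a-z][a-z0-9._-]{0,31}@[A-Z0-9][A-Z0-9.-]*")


class HostIdMap:
    """Per-host table mapping an authenticated principal to a local UID/GID.

    Hypothetical helper: the caller must already have verified the
    principal (for example via a Kerberos ticket) before calling lookup().
    """

    def __init__(self, hostname, uid_start, uid_end):
        self.hostname = hostname
        self.uid_end = uid_end
        self._next = uid_start
        self._by_principal = {}

    def lookup(self, principal):
        """Return (uid, gid) for a principal, allocating on first sight."""
        if not _PRINCIPAL.fullmatch(principal):
            raise ValueError("malformed principal: %r" % principal)
        # Key on the full principal, realm included, so that the same
        # short name from two realms never shares a local UID.
        if principal not in self._by_principal:
            if self._next > self.uid_end:
                raise RuntimeError("local UID range exhausted on " + self.hostname)
            # User-private group: gid mirrors uid (a choice made here).
            self._by_principal[principal] = (self._next, self._next)
            self._next += 1
        return self._by_principal[principal]

    def owner_of(self, uid):
        """Reverse map a local UID to its principal, or None if unmapped."""
        for principal, (mapped_uid, _gid) in self._by_principal.items():
            if mapped_uid == uid:
                return principal
        return None


# Constructed sample: two workstations with different local UID ranges.
host_a = HostIdMap("ws-a", 1000, 1999)
host_b = HostIdMap("ws-b", 2000, 2999)
```

Because the numeric UID is only meaningful on the host that allocated it, anything crossing hosts (file ownership on shared storage, audit records) has to carry the principal, which `owner_of()` recovers locally.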