On Sat, Mar 30, 2013 at 12:25 PM, Matthew Dillon < [email protected]> wrote:
> > :> Binaries in /bin and /sbin are compiled statically, which makes them > unusable > :> with NSS modules. > :> This is IMHO the biggest remaining issue with this release. > : > :Just curious - hasn't this been the case for some time? > :And if so / not - why did this become an issue for you now? > : > :Not taking one side or another, just wondering about more background info, > :though I do seem to recall a rather strong position taken *against* > :dynamic /bin /sbin in this project when FreeBSD switched to dynamic > :builds in the freebsd ~6.x-7.x era > : > :Cheers, > : > :- Chris > > I think I'm the only one who is really against making /bin and /sbin > dynamic. I feel kinda silly standing on top of the hill holding up > the red flag :-(. > > I really hate the concept of a /rescue. I could live with a nullfs > overloading of /bin and /sbin, but so far nobody (including I) has > thought up a good clean way to do it and still have the safety of > static binaries in single-user mode. > > -Matt > Matthew Dillon > <[email protected]> > For the record, both Sascha and I are against it as well. I think the cleanest solution is to compile in a pam module to kick auth requests to an auth daemon that is capable of loading nss modules (or even other pam modules). That said, I have neither verified that this is absolutely possible within the constraints of the NSS API, nor do I intend to be the one doing the work, not having any pressing need for NSS myself. Sam
