splitting courier-authlib into master+slave ports
Yarema
yds at CoolRat.org
Wed Apr 20 16:48:09 PDT 2005
--On Wednesday, April 20, 2005 21:44:11 +0200 Jose M Rodriguez
<josemi at freebsd.jazztel.es> wrote:
> El Wednesday 20 April 2005 20:27, Yarema escribió:
>>
>> FWIW I'd like to weigh in with my opinion. I think this move to a
>> meta port just so we can have OPTIONS selectable dependencies does
>> little to improve usability. As I've argued before in an email to
>> Oliver there's little need to have more than one
>> courier-authlib-method port installed unless one is transitioning
>> from one auth-method to another or just experimenting.
>>
>
> Maybe, but you can trust me in this: have the base port and the
> components selector in the same place it a bad design.
I agree.
>> One difference between the courier-authlib-20050408.00.tgz version
>> and courier-authlib-20050420.00.tgz is that I make --with-authpam
>> part of the base port's CONFIGURE_ARGS. This prevents libauthpwd.so.0
>> from being built and instead builds
>> lib/courier-authlib/libauthpam.so.0. authpwd is discouraged as per
>> <http://www.courier-mta.org/authlib/README_authlib.html>:
>>
>> NOTE: It might be tempting to throw in a towel and use authshadow or
>> authpwd if you cannot figure out how to install PAM support, however
>> that is not advisable. It is highly recommended to use authpam
>> wherever the PAM library is available.
>>
>
> We have a FreeBSD supported version without a pam library? I think no.
>
>> The authpwd module is also documented in the same README to use "the
>> C library's getpw() functions" which in turn are documented to be
>> made "made obsolete by getpwuid(3)" in the FreeBSD getpw(3) man page.
>>
>> So given the above two citations from both courier-authlib docs and
>> FreeBSD's docs why not just do away with authpam being optional and
>> make it the default part of the base package?
>>
Yes, we do have "a FreeBSD supported version without a pam library"
installed if only the base port is installed. I made this happen to for
the sake of completness and now I'm presenting arguments that it is a bad
idea. Thing is that the courier-authlib port, as it is committed NOW, will
install the no PAM version "libauthpwd.so.0" if NONE of the OPTIONS are
selected. Yet the PLIST in the current version does not include
"libauthpwd.so.0".
See for yourself. Make sure that you have no WITH_ tunables in
/etc/make.conf and unselect all the options in 'make config' then 'make
install' and look in /usr/local/lib/courier-authlib/ -- you'll see that
there's a "libauthpwd.so.0" in there. Then 'pkg_delete
courier-authlib-0.55_1' and you'll get:
pkg_delete: unable to completely remove directory
'/usr/local/lib/courier-authlib'
pkg_delete: couldn't entirely delete package (perhaps the packing list is
incorrectly specified?)
This is how things are NOW. I noticed this when I did my initial rewrite
and modified the base port PLIST to account for "libauthpwd.so.0". Now I'm
making a case to do away with it all together by making --with-authpam
nonoptional. I'm simply arguing to have something removed that noone
except me noticed existed.
It's either we have "libauthpwd.so.0" or the more modern "libauthpam.so.0"
installed in the base port. Both essentially do the same thing by default.
All the documentation I cited points to PAM being the better choice.
--
Yarema
http://yds.CoolRat.org
More information about the freebsd-ports
mailing list