DragonFly BSD
DragonFly kernel List (threaded) for 2003-12
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: fallback for nss and stuff in libc


From: Michel Talon <talon@xxxxxxxxxxxxxxxx>
Date: 13 Dec 2003 10:55:47 GMT

ibotty <bsd@xxxxxxxxxx> wrote in
news:3fda5a3d$0$169$415eb37d@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx: 

> this is out for discussion.
> 
> when we have our nss+auth daemon (how to name that beast?),
> we will have stubs in libc to message that daemon.
> 
> when this daemon is not available, we should try to start it (this
> should only happen in single-user mode, though).
> 
> if that fails, how are we going to deal with it?
> 
> because, it will be impossible (ehem, should be impossible), that the
> daemon cannot be started by root or crashes, we would NOT need any
> fallback. 

Do you support the famous problem of resetting root's passwd in single
user mode in your scheme? In my opinion, being able to boot a rescue
cdrom and remove the root passwd on hard disk is an absolute must.
Otherwise, if the console is marked insecure you cannot enter the system
at all, and you are good for reinstall. The fallback to a small flat
passwd file in single user mode looks perfectly fine to me. Then you can
edit it with a rescue cdrom, reboot single user even on an insecure
console and do whatever necessary.


> 
> in the case, that it does not start (due to a bad kernel or daemon),
> it should be at least possible to mount a cdrom and cp a know working
> kernel and daemon.
> so IMO, the only fallback needed is to support mount and cp.
> 
> ~ibotty
> 




[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]