| 1 |
On Fri, Jun 27, 2003 at 07:58:39AM -0700, Zack Gilburd wrote: |
| 2 |
Content-Description: signed data |
| 3 |
> On Friday 27 June 2003 05:58 am, Rigo Ketelings wrote: |
| 4 |
> > Op vr 27-06-2003, om 14:23 schreef Eric Sammer: |
| 5 |
> > > Just to add something to my last email about portage and database / |
| 6 |
> > > directory services... |
| 7 |
> > > |
| 8 |
> > > While talking to my wife this morning (a sysadmin and security |
| 9 |
> > > professional and fellow gentoo user) about this situation, we realized |
| 10 |
> > > something else about portage in openldap. This would (or could, |
| 11 |
> > > depending on implementation) severely limit the rsync bottle neck by |
| 12 |
> > > allowing for a hierarchy of directory servers to be replicated from by |
| 13 |
> > > users. |
| 14 |
> > |
| 15 |
> > I REALLY like this idea.. |
| 16 |
> |
| 17 |
> I /tried/ using LDAP as my authentication for pam a while back, in hopes of |
| 18 |
> having a nice, network-wide, roaming profile. However, such hopes were |
| 19 |
> quickly shattered once I got authentication going even locally. My login |
| 20 |
> attempts would take /quite/ a while and it was very inefficient. I would |
| 21 |
> rather see a MySQL database. |
| 22 |
> |
| 23 |
|
| 24 |
As directory services are optimized for read performance, there are |
| 25 |
disadvantages for write access to a directory service. But compared to |
| 26 |
the amount of user needing read access to a directory service the |
| 27 |
number of write access updates should REALLY small. |
| 28 |
|
| 29 |
I think your bad experience with LDAP as authentication service may |
| 30 |
have to do with misconfiguration or lack of optimization. |
| 31 |
|
| 32 |
> > > With clever use of referals and replication, you could |
| 33 |
> > > effectively remove the rsync issues of bandwidth and the |
| 34 |
> > > "stop-syncing-so-often-it's-rude" problem. Updates to portage would be |
| 35 |
> > > propagated down the line when commited moving a smaller (but steady) |
| 36 |
> > > stream of traffic rather than unpredictable bursts (note: that's an |
| 37 |
> > > assumption). This would eliminate the need for 'emerge sync' (in theory). |
| 38 |
> > > |
| 39 |
> > > Again, this is all very academic as the data to back up these ideas is |
| 40 |
> > > out of the public eye (thankfully). Maybe just food for thought... |
| 41 |
> > > |
| 42 |
> > > Thanks to all devs for all the great work. |
| 43 |
> > |
| 44 |
> > Yup, can't say that enough too ;)... |
| 45 |
> |
| 46 |
> Granted I am incorrect about my assertions above, I would like to see this |
| 47 |
> *work* in a real-world situation before I say, "Yea, sure, let's give LDAP a |
| 48 |
> try..." |
| 49 |
|
| 50 |
christoph |
| 51 |
-- |
| 52 |
^*^ |
| 53 |
|
| 54 |
-- |
| 55 |
gentoo-dev@g.o mailing list |
Archives