On Fri, Jun 27, 2003 at 07:58:39AM -0700, Zack Gilburd wrote:
> On Friday 27 June 2003 05:58 am, Rigo Ketelings wrote:
> > On Fri 27-06-2003, at 14:23, Eric Sammer wrote:
> > > Just to add something to my last email about portage and database /
> > > directory services...
> > >
> > > While talking to my wife this morning (a sysadmin and security
> > > professional and fellow gentoo user) about this situation, we realized
> > > something else about portage in openldap. This would (or could,
> > > depending on implementation) severely limit the rsync bottleneck by
> > > allowing for a hierarchy of directory servers to be replicated from by
> > > users.
> >
> > I REALLY like this idea..
>
> I /tried/ using LDAP as my authentication for pam a while back, in hopes of
> having a nice, network-wide, roaming profile. However, such hopes were
> quickly shattered once I got authentication going even locally. My login
> attempts would take /quite/ a while and it was very inefficient. I would
> rather see a MySQL database.
>
|
As directory services are optimized for read performance, there are
disadvantages for write access to a directory service. But compared to
the number of users needing read access to a directory service, the
number of write access updates should be REALLY small.
|
I think your bad experience with LDAP as authentication service may
have to do with misconfiguration or lack of optimization.
|
> > > With clever use of referrals and replication, you could
> > > effectively remove the rsync issues of bandwidth and the
> > > "stop-syncing-so-often-it's-rude" problem. Updates to portage would be
> > > propagated down the line when committed moving a smaller (but steady)
> > > stream of traffic rather than unpredictable bursts (note: that's an
> > > assumption). This would eliminate the need for 'emerge sync' (in theory).
> > >
> > > Again, this is all very academic as the data to back up these ideas is
> > > out of the public eye (thankfully). Maybe just food for thought...
> > >
> > > Thanks to all devs for all the great work.
> >
> > Yup, can't say that enough too ;)...
>
> Granted I am incorrect about my assertions above, I would like to see this
> *work* in a real-world situation before I say, "Yea, sure, let's give LDAP a
> try..."
|
christoph
--
^*^
|
--
gentoo-dev@g.o mailing list