Antivirus in FC3?

Les Mikesell lesmikesell at gmail.com
Thu Mar 24 19:40:27 UTC 2005


On Thu, 2005-03-24 at 11:59, Craig White wrote:

> > Yes, you have it straight.  Red Hat, the most popular distribution, or
> > so they would like to claim, does not provide a standard solution so
> > everyone else is forced to make up their own, resulting in versions
> > that aren't likely to interoperate.  It makes about as much sense
> > as making every user hand code their own sendmail.cf following their
> > own interpretation of the RFCs.
> ----
> give Red Hat some credit - they finally migrated off the terribly
> ancient openldap 2.0.27 that was in RHEL 3 into the 2.2.13 (still out of
> date) in RHEL 4 and FC-3

That's the odd part.  All the pieces are there, but they are still
useless unless someone puts them together in a standard way.

 
> > Who, other than Red Hat is in a position to fix this?
> ----
> seems to me that LDAP is a much larger technology and has implications -
> uses in a large variety of OS's and hardware. My experience tells me
> that most of the larger users/consumers of LDAP are not on Linux but on
> various Unix systems. 

If it came up running on RH/Fedora the situation would reverse
overnight.  The people who need weird schemas can hire their armies of
developers to build them.  Most people need just what the clients
included in their distribution know how to query plus perhaps a
replacement for their ancient Windows NT domain controller.  All
easily canned stuff.

> > Good defaults are what makes things work.  I don't know how to
> > write a device driver and I'm happy that I don't need to.  I wish it
> > were the same for LDAP.
> ----
> your view and my view of 'good defaults' for LDAP are likely gonna
> differ. I don't know of any 'good defaults' for LDAP
> ----

Let's leave out the people who already have X.500 and focus on small
networks who have more than one Fedora/RH box and want to use NFS
with auto-mounted home directories and perhaps one or more Windows
boxes that need access to those same home directories.  That probably
describes most small businesses and a lot of homes these days.  The
'good default' for this is basically the idealx setup but already
done instead of having to correctly follow pages of instructions.

> I know that you don't believe this but the standard base for users and
> groups is in /etc/passwd and /etc/group (and obviously by
> implication /etc/shadow)

That was a good idea back in the days when a company could only
afford one computer and did not use network file systems that
depended on consistent uids.  Now I'd guess that most of the people
on this list have more than one personal computer, reinstall the OS
on some of them frequently, and would like to not have to deal with
keeping parts of those files in sync when their OS update may need
other parts to be different on certain machines.

> They've been including various utilities for NIS but no one complains
> that they don't have turnkey solutions for NIS administration.

Does anyone use NIS after reading about its insecurity? That might
explain the lack of complaints.

> There's little difference with LDAP - if you actually created a DSA,
> created a container for 'users' put in the attributes necessary for
> users to authenticate, it still wouldn't work. LDAP doesn't do things
> necessary such as create user home directories, keep track of UID's and
> GID's to keep adding them sequentially, make their home directories, set
> their shell, etc. That's another layer of infrastructure. If you start
> to consider all of the layers of infrastructure that you will need to
> get going, you will find that much of the time, you aren't really
> talking about LDAP, you are talking about the integration of other
> technologies. 

You keep describing the precise reasons that we need a standard default
solution even though you don't seem to make that conclusion.  There
probably was a time when Unix had no wrapper that combined the concepts
of creating user authentication and matching facilities like home
directories and mailboxes.  Somebody fixed that - it's time to do it
again. 

> LDAP is entirely off the table for a distribution unless it chooses to
> make it so - and the only way that they can do it is to detail a finite
> list of services that are to be integrated and build it out. Recognize
> though that should a distribution take this approach, all of the
> services thus built out will have to have customized configurations too.

But there are clients already in the distribution - just no server to
match.

> There may be a point where Red Hat does try to provide an integrated
> setup - more specifically a turnkey setup of LDAP - but it isn't likely
> to be functional beyond a certain point, interchangeable with other OS's
> and other needs/implementations and thus, will be of value only to those
> that want to point and click administrate.

If the most popular distribution ships a working server based on
existing standards or RFCs then it would be up to everyone else to
match up or have a good justification for their differences.  If you
were really opposed to shipping something that sort-of works and
fixing it up over subsequent releases you probably wouldn't be on this
mailing list. 

-- 
  Les Mikesell
    les at futuresource.com
