On Wednesday, February 28, 2007 09:45:15 AM -0800 Gary Winiger 
<gww at eng.sun.com> wrote:

>       Not saying the CU be damned, but just the opposite.  IMO, as
>       I believe I stated this 3.5 years ago when this started, this
>       project is kludge/bandaid for lack of a proper architecture.
>       I'm saddened that such an architecture doesn't seem to be
>       forthcoming.

Part of the issue is that not all customers want a "proper architecture" 
with complex databases that can only be updated by running obscure, 
platform-dependent programs.  Some of us maintain large numbers of machines 
(1000+ in my case; orders of magnitude more for some of the customers 
mentioned), and we mostly do it using portable tools that maintain the 
contents of the filesystem.

The master repository says what the system must look like, and the tool 
makes it so.  Every time you introduce a database which can only be updated 
through some new interface, I have to write a helper program that attempts 
to use that interface to compare the current contents of the database to 
what my repository says should be there, and make the required changes.

Installing a new inetd.conf and sending a SIGHUP is way easier than trying 
to update smf.  And no, the conversion program Sun provides doesn't help 
here, because it doesn't recognize when it needs to _delete_ a service 
that's not in the input file.  Just to make it more fun, several of the 
services that ship with Solaris use different names than those which would 
be used by the inetd.conf converter, for no apparent reason.


So, while I likely won't be using the authorization mechanism currently 
under discussion, if I did, I'd want it to work exactly as described - let 
me provide a file which describes what needs to be done.  Changes to that 
file are logged and audited elsewhere.

-- Jeff
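
Added example, not part of the original message or of any Sun tooling: a minimal sketch of the reconciliation described above, where a desired inetd.conf is compared against what a helper read back from a service database and the resulting plan includes deletions of services absent from the file. The database snapshot, the alias table and every name in them are constructed assumptions.

```python
# Added example (all data and names constructed): reconcile inetd.conf vs. a service database.

DESIRED_INETD_CONF = """\
# service  type    proto  wait    user  program              args
ftp        stream  tcp    nowait  root  /usr/sbin/in.ftpd    in.ftpd
time       dgram   udp    wait    root  internal
"""

# Constructed snapshot read back from the database, keyed by the database's own names.
CURRENT_DB = {
    "ftp/tcp": ("stream", "nowait", "root", "/usr/sbin/in.ftpd", "in.ftpd -l"),
    "shipped-telnet": ("stream", "nowait", "root", "/usr/sbin/in.telnetd", "in.telnetd"),
}

# Hypothetical alias table: database name -> canonical "service/proto" key.
ALIASES = {"shipped-telnet": "telnet/tcp"}


def parse_inetd_conf(text):
    """Return {"service/proto": (type, wait, user, program, args)}."""
    desired = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split(None, 6)
        if len(fields) < 6:
            raise ValueError(f"malformed inetd.conf line: {raw!r}")
        name, sock_type, proto, wait, user, program = fields[:6]
        args = fields[6] if len(fields) > 6 else ""
        desired[f"{name}/{proto}"] = (sock_type, wait, user, program, args)
    return desired


def plan(desired, current, aliases):
    """Return sorted (action, key) steps that make current match desired."""
    canon = {aliases.get(name, name): entry for name, entry in current.items()}
    steps = []
    for key, entry in desired.items():
        if key not in canon:
            steps.append(("add", key))
        elif canon[key] != entry:
            steps.append(("update", key))
    # The step an add-only converter never takes: remove what is not listed.
    steps += [("delete", key) for key in canon if key not in desired]
    return sorted(steps)


print(plan(parse_inetd_conf(DESIRED_INETD_CONF), CURRENT_DB, ALIASES))
```

Without the alias table the telnet entry would be reported under the database's name and a renamed shipped service would show up as both an add and a delete, which is the naming mismatch the message complains about.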
