On Tue, Mar 18, 2008 at 07:09:19PM -0400, Jeffrey Hutzelman wrote: > --On Tuesday, March 18, 2008 03:57:59 PM -0700 "Henry B. Hotz" > <hotz at jpl.nasa.gov> wrote: > >I'm not taking a position one way or the other, but I note that this list > >is a biased sample to answer this question. > > > >Many of Sun's customers have a lot invested in non-Sun configurations as > >well. Whether they would prefer to have their non-Sun ssh[d]_config > >files work as-is (least surprise?), or to have a SMF be a place to put > >just a few Sun-unique overrides I can't say.
Of course, sshd_config would not go away. > As such a customer, I hate SMF. It significantly increases the complexity *sniff* > of maintaining system configuration in a heterogeneous environment by > taking things I used to be able to do by distributing a file to every > machine and replacing it with a platform-specific database. Furthermore, > this is almost completely unnecessary, because it turns out that SMF solves > a problem I don't actually have, or at least one for which I've had a > satisfactory cross-platform solution for many years. > > This is a real issue for us; the effort involved in doing the last bits of > integration, including being able to configure SMF, has prevent us > deploying Solaris 10 despite having ported most of the software in our core > computing environment over two years ago. smf-discuss at opensolaris.org might like to hear from you. And maybe the OpenSolaris ARC. It may be that we should consider always having a way to update service configuration via files. And we may need to know whether, for example, having to run an adm command to read those is OK. But one thing is clear: the architectural direction for Solaris is and long has been to move away from configuration files whose admin interface is $EDITOR. > So, my preference is for my platform-independent sshd_config to have the > same effect on the next Solaris port we do as it's had on every previous > platform since we started supporting ssh. Again, sshd_config wouldn't go away. Storing config in SMF would be optional, and the intention is to make it much easier to configure alternate instances of the ssh service. E.g., I often manually run a server in debug mode on port 2222 on my systems. It might be nice to be able to trivially create a new instance of the ssh service that sets a debug option, another to set the file where the debug msgs go, and the port number. If it were only me running sshd instances in debug mode, who cares, but others have asked for it to be easy to create additional instances for other purposes. Nico --
