bzr serve and access control?
Stephen J. Turnbull
stephen at xemacs.org
Wed Feb 3 04:41:28 GMT 2010
Ben Finney writes:

> Thanks, Stephen. As far as I can tell, the "since it is a server" has
> nothing to do with that explanation, which is what threw me.

"Since it is a server" implies that users are not doing "generic" work
on the server and do not need accounts on the server. Thus, Unix
accounts are gratuitous opportunities for errors and hacking, *if*
authentication for a particular service can be offloaded onto the
service subsystem.

Given the frequency with which PAM hoses my MacPorts and/or Gentoo
"update world" operations, I suspect that there's a good reason why
services prefer to delegate authentication to the host by assuming
that users have accounts on the host. There's a real trade-off there,
which is one reason why entities with the money often go to host-per-
service architectures for their systems.

As I obscurely remarked before, per-service security is one of the
features of Plan 9 from Outer Space (er, Bell Labs, er, what's the
difference?) It tends to make experienced Unix admins go bald in the
most painful way, though.<wink>