Shared libraries
Chris Siebenmann
cks at hawkwind.utcs.toronto.edu
Wed May 22 13:23:45 AEST 1991
mohta at necom830.cc.titech.ac.jp (Masataka Ohta) writes:
['| >' inclusion is by me.]
| My point is that gethostent of 4.2BSD is not so bad, definitely not bug.
| I am not claiming DNS is bad.
Since I dispute your first statement and agree with your second, we
seem to have a small problem (or not have a small problem as the case
may be).
| >You can always have aliases for specific interfaces; I don't think
| >the need to use nameserver A records instead of CNAMEs is all that
| >much of a hardship (or all that inelegant).
| It is, I think, just as ungraceful as naming all interfaces for
| authentification.
Apart from ifconfig purposes, one almost never needs to name specific
interfaces if one has well written software (and even less if you have
smart software). Certainly I can't think of a case where ordinary
users need to, unlike the authentification case with routines that
only return one IP address.
| > Registering all of the hostnames in the authentication data seems to
| >be equivalent (in this case) to requiring the users to name all the
| >interfaces (either by name or by IPs) when adding such data.
| Yes, but not for users.
There are, at least around here, unavoidable cases where users do the
authentificiation setup and not the system administrator. As an
example I quoted in the beginning, consider X11 with IP-based
connection authentification. I as a user's system administrator have
no idea what hosts he will want to authentificate, nor which of them
are multi-homed. The user types
xhost +neat.cs; xhost +bay.csri
and tries to start up an X application on both. Depending on where on
the network s/he happens to be sitting today, one fails and the other
works, both work, or both fail. This because xhost is only finding
(with a 4.2BSD gethostent()) the first listed IP address, and the
user's X server may wind up receiving connections that originated from
the second IP interfaces on both of those (multi-homed) hosts. At the
same time, an 'xhost +snow.white' works fine, because snow.white is
only a single-homed host ... today. That might change tomorrow.
| In general, there is not so many gateways. Addition of non-gateway
| hosts is much more frequent than the network topology change. Network
| topology change often accompanied by hosts addition. So...
[...]
| For normal users, relying on netgroups of NIS, which is maintained by
| system administrators, is the way to go. Users should not care minor
| hosts addition nor topology change.
On the other hand, network topology updates are often distributed,
not centralized. I don't have any idea whether or not the Department
of Statistics is splitting their network today, nor if this will
affect any of my users or any of their users who're trying to use my
machines. I maintain I shouldn't have to care.
[Note that locally we usually automatically distribute an /etc/hosts
around to various machines, via ftp and some scripts. Not having to
manually update my /etc/hosts every time something changes is quite
nice.]
| BTW, I don't think it is reasonable to require normal users to cope with
| subtle authentification.
One can either make the system administrator try and cope with it
instead, or give the user simple(r) authentification mechanisms. I
think a gethostent() setup that returns multiple IP address for
multi-homed hosts is "simpler" than one that returns just one when
others exist.
--
"This will be dynamically handled, possibly correctly, in 4.1."
- Dan Davison on streams configuration in SunOS 4.0
cks at hawkwind.utcs.toronto.edu ...!{utgpu,utzoo,watmath}!utgpu!cks
More information about the Comp.unix.internals
mailing list