Pluggable auth modules
Thiago Macieira
thiago at kde.org
Wed Jun 1 14:51:28 PDT 2011
On Wednesday, 1 June 2011 14:26:58 Pavel Strashkin wrote:
> > I disagree. If the design is flawed, we shouldn't put more energy into
> > it. We should find the proper, new design to replace it.
>
> But what about dbus-daemon? I really like it and I don't want to
> implement my own dbus server and all this org.freedesktop.dbus.*
> stuff, so what do you suggest?
Deal with it. The dbus-daemon wasn't designed to do what you're asking. And we
don't want to add more to it, since it's a central piece of any modern Linux
stack. It should remain small and efficient.
If you want to extend the functionality, you will have to roll out your own.
> Move auth from dbus level to service/client level?
No, move the auth to before D-Bus. That is, to the thing that sets up the
sockets or other transport mechanisms. For example, an SSL-based connection
could authenticate via exchange of certificates -- there's no need for D-Bus to
add another authentication layer.
> i.e. dbus-daemon will be just like a router?
Yes.
> This is the protocol redesign and it may take years to start it,
> implement it and replace an older implementation. Also I don't see
Huh? We're not talking about redesigning anything. We're talking about not
adding anything new, just keeping what we have.
> backward-compatibility if dbus will go this way. If you have an idea
> (or at least some fast thought) how you would like to see it - let's
> try to discuss and launch it. "Disagree, Disagree, Disagree, ..."
> doesn't help me to help dbus and myself :) Hard-coded auths are the
> problem and I want to solve it.
You're the only one who wants it.
> I'm talking about dbus-daemon because it's just a server/process and
> you just start it and ask it to route messages between
> services/clients and the only way to configure it is to use command line
> options or configuration files. Without it I can't say: "hey, use
> auth-1 and auth-2 please, you can get it from this location..."
> because I don't have access to the code. In the case of service/client I
> have, so I can use some API.
>
> P.S. I think I'll try to implement my idea in the background and post it
> as a patch to bugzilla for review. Approve or deny it - dbus team
> choice.
--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
Senior Product Manager - Nokia, Qt Development Frameworks
PGP/GPG: 0x6EF45358; fingerprint:
E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358
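
The reply above suggests authenticating where the transport is set up rather than inside D-Bus, with SSL certificates as one instance. The following is an added example, not code from this thread or from the D-Bus project, showing the same idea on a different transport: a local Unix socket on Linux, where the kernel-reported peer credentials (SO_PEERCRED) are checked before any protocol bytes are read. The names `admit`, `demo` and the allowed-UID set are hypothetical.

```python
import socket
import struct

# Linux struct ucred: pid_t pid; uid_t uid; gid_t gid (filled in by the kernel).
_UCRED = struct.Struct("iII")


def peer_credentials(conn):
    """Return (pid, uid, gid) of the process at the other end of a Unix socket."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, _UCRED.size)
    return _UCRED.unpack(raw)


def admit(conn, allowed_uids):
    """Transport-level gate: accept or drop the peer before parsing anything.

    allowed_uids is a hypothetical policy input (a set of numeric UIDs).
    The decision uses only what the kernel reports, never bytes sent by the peer.
    """
    _pid, uid, _gid = peer_credentials(conn)
    if uid not in allowed_uids:
        conn.close()  # rejected peers never reach the message layer
        return False
    return True


def demo(allowed_uids):
    """Constructed scenario: a socketpair stands in for an accepted connection.

    Returns the first bytes handed to the message layer, or None if the
    transport rejected the peer.
    """
    server_side, client_side = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        client_side.sendall(b"hello")  # stand-in for the first protocol bytes
        if not admit(server_side, allowed_uids):
            return None  # payload was never read
        return server_side.recv(16)
    finally:
        client_side.close()
        server_side.close()
```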