On 10 Mar 2005 at 22:06, Aleksandar Milivojevic wrote:
> If you are forcing users to jump through too many hops to get
> something working, they are more likely to disable security
> mechanisms than to configure things correctly. This is not
> limited to IT security. It is in human nature.
Yes, this is one of the great problems of automated computing since
its inception, the lack of consistency in approach to human
interface solutions and the arcane complexity in consequence of
having many single-purpose solutions required to interact with one
another. These aspects of Unix and Linux are oft depreciated
examples frequently used in arguments of why heterogeneous
development (open source) is not yet ready for "prime time."
I find myself spending far more time pouring over manuals, how-to
books and articles, READMES, and even source code, trying to
discover why program xyz will not run or produce the expected
result than I spend creating code or designing systems. For
example, I am in the process of moving our imap server from an RH
3ES box to a newly built CentOS 4 platform. Now on RH3 I had to get
Dag's Cyrus-Imapd and install it, and poke around for a bit with
saslauth and after seven or ten days of trial and error I completed
the move from our old HP-UX machine to RH. That was last year.
Now I am moving from RH3 to CentOS 4 and mercy of mercies, Cyrus-
Imapd is shipped with CentOS4. What could be simpler? Well,
despite the fact that I am just doing a proof of concept test and
am simply using basic Linux authentication right out of the box, I
am not yet able to connect as the cyrus user and create mailboxes.
Admittedly I only started this yesterday afternoon but still, one
would think that the basic configuration would just "go" when one
fired up the daemons and not require a considerable effort to find
out which packager assumptions I am transgressing because another
packager's assumptions do not coincide with the first's.
This situation is very frustrating but it must be kept in
perspective. I recall building my first Cyrus-Imap server back in
October of 1995 and having first to get and bootstrap build
binutils and gcc with the K&R C compiler HP shipped and only then
locate, download, and build, often after considerable heartache
discovering which modifications were necessary to successfully
compile, each of many support systems necessary to get what I
wanted, a sealed server mailbox solution, running. By comparison
to then the improvement in the present situation is almost surreal.
I expect that package management will further advance to also deal
with the annoying aspect of package configuration, automatically
detecting existing installations and logically reconfiguring the
new package to co-operatively work with the existing software.
Something like the Microsoft Windows registry, in function and
intent, will be the next logical step in Linux package management
and configuration. A well defined package configuration API
consistently applied will go a long way to simplifying Linux system
administration and improving productivity. SELinux will possibly
hasten that development because of its fine granularity which
offers the prospect of nearly infinite torture if something obscure
goes wrong.
Back to saslauth.
Regards,
Jim
--
*** e-mail is not a secure channel ***
mailto:byrnejb.<token>@harte-lyne.ca
James B. Byrne Harte & Lyne Limited
vox: +1 905 561 1241 9 Brockley Drive
fax: +1 905 561 0757 Hamilton, Ontario
<token> = hal Canada L8E 3C3
