[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACI module



Brian Empson wrote:
Is it possible to load ACI support as a module? It would really help when
installing from a precompiled package, all of which seem to turn off this very
powerful feature. (I really like it anyway)

The source code is there, build it however you like. One of the reasons open source software exists is to free you from whatever limitations are imposed by a binary provider. If you tie yourself to precompiled packages that don't do exactly what you want, you're somewhat missing the point.

ACIs are a security liability from a centralized administration perspective. They are intrinsically difficult to audit and difficult to track. Use of ACIs can make it impossible to prove that a given deployment correctly implements a formally defined security policy. IME, people who are fond of ACIs either don't understand the security risks, or don't care.
--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/