[Info-vax] HP Integrity rx2800 i4 (2.53GHz/32.0MB) :: PAKs won't load
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Fri Feb 19 14:39:55 EST 2016
On 2016-02-19 19:17:01 +0000, David Froble said:
> Stephen Hoffman wrote:
>> On 2016-02-18 20:54:50 +0000, David Froble said:
>>
>>> Regardless of whether it is a group of files, or a single file
>>> (database), perhaps have that data as a separate part of the
>>> installation, with the installer specifying the location of the common
>>> data. Along with a procedure to move the data. Thus, all the grunt
>>> work would be avoided, and, upgrades would not need the common data
>>> moved back to a system disk, and upgrades affecting the common data
>>> would be a separate part of the total upgrade.
>>
>> Or you give the upgrade credentials to access LDAP and Kerberos — if
>> not simply reusing the credentials from the existing OS for that access
>> — and off you go.
>>
>> As much as I like relational databases over RMS, LDAP and Kerberos are
>> a widely-available distributed authentication system, with built-in
>> support for replication and distribution.
>
> We all know I don't get out much, but even so, your reply doesn't seem
> to address the topic you've replied to. What am I missing?

LDAP can replace most (maybe all?) of the whole pile of shared files,
completely avoiding the mess of having everybody aimed at one disk (for
whatever local definition of "disk" is in use underneath OpenVMS), and
LDAP also directly permitting distributed data replication and
distributed data synchronization.

LDAP and Kerberos are the commonly-accepted mechanisms for
authenticating OpenVMS users and passwords in distributed and single
sign-on environments, and Kerberos for distributed delegation. These
tools are the approach commonly used across Windows Server Active
Directory and Open Directory servers. LDAP authentication support was
recently (finally!) integrated into the default OpenVMS distribution,
too.

Phillip proposed rebuilding the same "design" that OpenVMS has
accreted, albeit (potentially) with fewer logical names. Which gives
you the same problems that you have now with the inflexibility of RMS
file (record) formats, the same mess on upgrading a mixed-version
configuration, and the same sorts of contention and related baggage.

LDAP can also be used entirely locally, so if you're going to overhaul
OpenVMS authentication in any significant fashion, then moving entirely
to LDAP — even if the authentication is performed entirely locally and
not involving access to a network LDAP server — consolidates everything
into one system and one set of calls, and whatever of the existing
interfaces are deigned worthy of wrapping and preservation.

TL;DR: LDAP and Kerberos are like DNS, but for distributed
authentication and delegation. Replicable, distributable, scaleable,
available, etc.
--
Pure Personal Opinion | HoffmanLabs LLC