[Info-vax] HP Integrity rx2800 i4 (2.53GHz/32.0MB) :: PAKs won't load

[David Froble]

Stephen Hoffman wrote:
> On 2016-02-19 19:17:01 +0000, David Froble said:
> 
>> Stephen Hoffman wrote:
>>> On 2016-02-18 20:54:50 +0000, David Froble said:
>>>
>>>> Regardless of whether it is a group of files, or a single file 
>>>> (database), perhaps have that data as a separate part of the 
>>>> installation, with the installer specifying the location of the 
>>>> common data.  Along with a procedure to move the data.  Thus, all 
>>>> the grunt work would be avoided, and, upgrades would not need the 
>>>> common data moved back to a system disk, and upgrades affecting the 
>>>> common data would be a separate part of the total upgrade.
>>>
>>> Or you give the upgrade credentials to access LDAP and Kerberos — 
>>> if not simply reusing the credentials from the existing OS for that 
>>> access — and off you go.
>>>
>>> As much as I like relational databases over RMS, LDAP and Kerberos 
>>> are a widely-available distributed authentication system, with 
>>> built-in support for replication and distribution.
>>
>> We all know I don't get out much, but even so, your reply doesn't seem 
>> to address the topic you've replied to.  What am I missing?
> 
> 
> LDAP can replace most (maybe all?) of the whole pile of shared files, 
> completely avoiding the mess of having everybody aimed at one disk (for 
> whatever local definition of "disk" is in use underneath OpenVMS), and 
> LDAP also directly permitting distributed data replication and 
> distributed data synchronization.
> 
> LDAP and Kerberos are the commonly-accepted mechanisms for 
> authenticating OpenVMS users and passwords in distributed and single 
> sign-on environments, and Kerberos for distributed delegation.   These 
> tools are the approach commonly used across Windows Server Active 
> Directory and Open Directory servers.   LDAP authentication support was 
> recently (finally!) integrated into the default OpenVMS distribution, too.
> 
> Phillip proposed rebuilding the same "design" that OpenVMS has accreted, 
> albeit (potentially) with fewer logical names.   Which gives you the 
> same problems that you have now with the inflexibility of RMS file 
> (record) formats, the same mess on upgrading a mixed-version 
> configuration, and the same sorts of contention and related baggage.
> 
> LDAP can also be used entirely locally, so if you're going to overhaul 
> OpenVMS authentication in any significant fashion, then moving entirely 
> to LDAP — even if the authentication is performed entirely locally and 
> not involving access to a network LDAP server — consolidates everything 
> into one system and one set of calls, and whatever of the existing 
> interfaces are deigned worthy of wrapping and preservation.
> 
> TL;DR:  LDAP and Kerberos are like DNS, but for distributed 
> authentication and delegation.  Replicable, distributable, scaleable, 
> available, etc.

As initially claimed, I don't have day to day hands on experience with VMS 
clusters.  It was my impression that the scope of the common data was greater 
than just login authentication.

My vague impression of LDAP is that it's mainly for login authentication.  If my 
understanding is not correct, then I need to do more reading.  (I hate that.)