Brian Empson wrote:
Is it possible to load ACI support as a module? It would really help
installing from a precompiled package, all of which seem to turn off this very
powerful feature. (I really like it anyway)
The source code is there, build it however you like. One of the reasons open
source software exists is to free you from whatever limitations are imposed by
a binary provider. If you tie yourself to precompiled packages that don't do
exactly what you want, you're somewhat missing the point.
ACIs are a security liability from a centralized administration perspective.
They are intrinsically difficult to audit and difficult to track. Use of ACIs
can make it impossible to prove that a given deployment correctly implements a
formally defined security policy. IME, people who are fond of ACIs either
don't understand the security risks, or don't care.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/