Re: RFC: Going the LDAP/Kerberos way with NetBSD.

To: Matthias Scheler <tron%zhadum.org.uk@localhost>
Subject: Re: RFC: Going the LDAP/Kerberos way with NetBSD.
From: Anders Magnusson <ragge%ludd.ltu.se@localhost>
Date: Tue, 29 Apr 2008 19:39:08 +0200

Matthias Scheler skrev:


On 29 Apr 2008, at 16:16, Anders Magnusson wrote:

Let the {s}pwd.db stuff die ...


I don't think that is a good idea, see below.

Note that {s}pwd.db has nothing to do with yp.

and retire ypserv.
YP is old but widely supported. There are networks which consists of alarge number of differentoperating system including old versions. NIS is often enough the onlycommon standard forsharing users and groups in such a network. NetBSD should continue tosupport NIS.

Yep, it should, therefore I wrote nothing on removing ypbind :-)
For ypserv, there are two things:
- Move the old ypserv goo to pkgsrc.

- Provide yp compat for ldap. Simple and clean, and especially good ina migrating environment.

I however agree that it is time to offer an alternative.
So, I went the other way and wrote a small LDAP serverimplementation, just to see how simple itcan be if all bells and whistles are removed. And my prototype issmall :-)
Which files or local database can it replace? I use an OpenLDAP serverunder NetBSD at home andbesides users and groups it also provides automounter maps for my MacOS X machine.

All databases, just as OpenLDAP. That is just the database contents.

- Deliver NetBSD with my small LDAP server, which can be a daemonthat always runs on the machine.
Let pwd_mkdb et al write the stuff directly into the LDAP database.
While I would like having a simple LDAP server I don't like thisapproach. There are people whichrun NetBSD systems e.g. firewalls with only a single getty processrunning. And that should
still be possible.

Of course, that's one of my points (even though it may not have been soclear).If the ldap server is not started things will just read the old files asalways.But if it is started the benefits of of using it will become availabledirectly.


-- Ragge

Using files works very well and efficient on machines with only a fewusers. The securityproblems (e.g. that "/usr/bin/passwd") are well understood. Running anOpenLDAP server
should never be an requirement.

    Kind regards

Follow-Ups:
- Re: RFC: Going the LDAP/Kerberos way with NetBSD.
  - From: Matthias Scheler

References:
- RFC: Going the LDAP/Kerberos way with NetBSD.
  - From: Anders Magnusson
- Re: RFC: Going the LDAP/Kerberos way with NetBSD.
  - From: Matthias Scheler

Prev by Date: Re: RFC: Going the LDAP/Kerberos way with NetBSD.
Next by Date: Re: RFC: Going the LDAP/Kerberos way with NetBSD.
Previous by Thread: Re: RFC: Going the LDAP/Kerberos way with NetBSD.
Next by Thread: Re: RFC: Going the LDAP/Kerberos way with NetBSD.
Indexes:

Home | Main Index | Thread Index | Old Index