Re: RFC: Going the LDAP/Kerberos way with NetBSD.

[Manuel Bouyer <bouyer%antioche.eu.org@localhost>]

On Tue, Apr 29, 2008 at 06:10:49PM +0100, Matthias Scheler wrote:
> 
> On 29 Apr 2008, at 16:16, Anders Magnusson wrote:
> >Let the {s}pwd.db stuff die ...
> 
> I don't think that is a good idea, see below.
> 
> >and retire ypserv.
> 
> YP is old but widely supported. There are networks which consists of a  
> large number of different
> operating system including old versions. NIS is often enough the only  
> common standard for
> sharing users and groups in such a network. NetBSD should continue to  
> support NIS.

Strongly seconded. I still use NIS at work and I don't see it dying
in the next few months (still running SunOS 4.1.x binaries under
NetBSD/sparc ...)


> [...]
> While I would like having a simple LDAP server I don't like this  
> approach. There are people which
> run NetBSD systems e.g. firewalls with only a single getty process  
> running. And that should
> still be possible.

Sure. And I also like flat files or their .db equivalent for critical
services (e.g. email, see manu@'s story with mail.local and nss :).
I want to still be able to use flat, static files on such systems.

> 
> Using files works very well and efficient on machines with only a few  
> users. The security

Or even with lots of users. The files can be generated from some kind
of database, and updated when needed. For some service it's more reliable
than using a network protocol.

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 ans d'experience feront toujours la difference
--