tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: RFC: Going the LDAP/Kerberos way with NetBSD.

On Tue, Apr 29, 2008 at 05:16:55PM +0200, Anders Magnusson wrote:
> Idea:
> - NetBSD should have an infrastructure primary based on LDAP for directory 
> services and Kerberos
>  for authentication, which is used in all environments as feasible.  Let 
> the {s}pwd.db stuff die and
>  retire ypserv.
>, that sounds good, but how?

That does not sound good. We already have nsswitch.conf and it works
nicely. (There are ways it could be strengthened, maybe, too.) 

I don't see that abandoning it in favor of only LDAP is a step

Or maybe you mean to keep it and only replace the existing "files"
implementation with one that is integrated with LDAP? That doesn't
seem like a step forward either - it adds a great deal of complexity
to the basic files-only setup for effectively no benefit.

*Adding* LDAP support seems like a fine idea, but please keep in mind
that not everyone wants to use it.

(Also, as I've suggested before, the best way to handle small networks
is to add an "auxfiles" or similar target to nsswitch.conf that reads
from, say, /etc/aux, which you can then rsync around or manage with
git or whatever you like without inferfering with the rest of /etc.)

David A. Holland

Home | Main Index | Thread Index | Old Index