tech-userlevel archive


Re: RFC: Going the LDAP/Kerberos way with NetBSD.



On Tue, Apr 29, 2008 at 05:16:55PM +0200, Anders Magnusson wrote:
> Idea:
> - NetBSD should have an infrastructure primarily based on LDAP for directory
>   services and Kerberos for authentication, which is used in all
>   environments as feasible.  Let the {s}pwd.db stuff die and retire ypserv.
>
> ...so, that sounds good, but how?

That does not sound good. We already have nsswitch.conf and it works
nicely. (There are ways it could be strengthened, maybe, too.) 

I don't see that abandoning it in favor of only LDAP is a step
forward.

Or maybe you mean to keep it and only replace the existing "files"
implementation with one that is integrated with LDAP? That doesn't
seem like a step forward either - it adds a great deal of complexity
to the basic files-only setup for effectively no benefit.

*Adding* LDAP support seems like a fine idea, but please keep in mind
that not everyone wants to use it.

(Also, as I've suggested before, the best way to handle small networks
is to add an "auxfiles" or similar target to nsswitch.conf that reads
from, say, /etc/aux, which you can then rsync around or manage with
git or whatever you like without interfering with the rest of /etc.)

-- 
David A. Holland
dholland%netbsd.org@localhost

