From owner-freebsd-hackers@freebsd.org Tue Jun 28 16:11:45 2016 Return-Path: Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B28ADB82E9C for ; Tue, 28 Jun 2016 16:11:45 +0000 (UTC) (envelope-from emorrasg@yahoo.es) Received: from nm38.bullet.mail.ir2.yahoo.com (nm38.bullet.mail.ir2.yahoo.com [212.82.96.63]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 123DF2123 for ; Tue, 28 Jun 2016 16:11:44 +0000 (UTC) (envelope-from emorrasg@yahoo.es) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.es; s=s2048; t=1467130296; bh=BhS4VaHyTCA5Tk20SZ4Z57/Gqj+pZnmSuKrhQZNqAIw=; h=Date:From:To:Subject:In-Reply-To:References:From:Subject; b=divC8s22iafYN1eUKakPnAGRFfpgQxIPxazupM04qNfca05nLOQ64FXer4aQIXHcUuxXMTMLCUSC75pf6jhp2BZomysCrNcjVx3AdrrEyjUdJ1BoBG/GIUz8KNY/l757bXwBOWHg1A9VrYUH2OqjcvfRBMSIuTUH/OgUUti2JX7Wpy917PjQISVgybmi/2fRBI6vVVpH0lCIeY9IahJpfvY+uLON6xzpRTx80rw0KFxQIDlU8XRfEeEpBHGK1iPaF4dtSEYZlZryBLS/Mk8NncYlQ7oz8W4R0lrGqJW96GAMdIM5PmxarCtl5WUhvgvwakV7Uj/9lK1x2tm/jcio8A== Received: from [212.82.98.59] by nm38.bullet.mail.ir2.yahoo.com with NNFMP; 28 Jun 2016 16:11:36 -0000 Received: from [46.228.39.105] by tm12.bullet.mail.ir2.yahoo.com with NNFMP; 28 Jun 2016 16:11:35 -0000 Received: from [127.0.0.1] by smtp142.mail.ir2.yahoo.com with NNFMP; 28 Jun 2016 16:11:35 -0000 X-Yahoo-Newman-Id: 980215.66211.bm@smtp142.mail.ir2.yahoo.com X-Yahoo-Newman-Property: ymail-3 X-YMail-OSG: Zlyrj5EVM1nEdprW.mYsSK2ykamyfChQrrisyZWLhdJyA6h mKoE.DoHO0bJhdmreXQ.77xGDkwh2_jBEYBKGSSLbWj.McQ1FSUUItmhW3Z6 AOyOtjsRTlDZar.Ep.TQi0DuStcfijJ9Jfc6y_QcDza84HtnhiB1q6grlomi KrNUB.TuK8C_YQqoOI_7qKIacJ71K7FrmBHLthwPk_wJSbGw819eYPL0TwW2 Fp2ZUGAf0FwhOY0rtMdgnkeA1OuLnQbTyZ13rgDTvowKM1wgvh0CNeGA6XKP Hk3_ReTbHA2DEvyqsSmNhFstIr2WzwSi7SPXq6cfU_dYcXwTXTMnHSNYjeNQ IWn.eqSoaTMFWzLFUFI5eo_Wz8CflcGSNyzgVWhJP3kItcLK_Jp173iYdHUF XmRfZyb3K7Hdlrd.1Mv2txZBdxDls50aOYYGjWYjrodNlx7txoyJhST2.uJb qyd5z0FDzXfe71SRfgPJjEp9Xag9hoXtbLmsOy.4RZElKvaRQsFWhQf_qeOS wIey9OQXHmHqf0UpBzGpKHblf X-Yahoo-SMTP: mX392iiswBAeJNdO_s.EW62LZDJR Date: Tue, 28 Jun 2016 18:11:40 +0200 From: Eduardo Morras To: freebsd-hackers@freebsd.org Subject: Re: The small installations network filesystem and users. Message-Id: <20160628181140.933d144cd5d830275e4be6c3@yahoo.es> In-Reply-To: <761f82d3-ebe9-2cba-9499-049dafbc98df@freebsd.org> References: <9BB7E8B3-EC0E-457E-B2B2-FB80B1CF02B0@gmail.com> <20160621075631.38c2eeaa7c224aa22ea9be4d@aei.mpg.de> <761f82d3-ebe9-2cba-9499-049dafbc98df@freebsd.org> X-Mailer: Sylpheed 3.5.0 (GTK+ 2.24.29; amd64-portbld-freebsd10.1) Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Jun 2016 16:11:45 -0000 On Tue, 28 Jun 2016 21:04:45 +0800 Julian Elischer wrote: > On 21/06/2016 1:56 PM, Gerrit K=FChn wrote: > > On Mon, 20 Jun 2016 22:00:31 -0400 (EDT) Daniel Eischen > > wrote about Re: The small installations > > network filesystem and users.: > > > > DE> We should support LDAP client out of the box, in base. What > > DE> sucks now is that we need 3 packages (plus their dependencies) > > DE> and multiple config files for ldap: > > DE> > > DE> pam_ldap > > DE> nss_ldap > > DE> openldap-client > > > > I only have to install/config ldap-clients every now and then, but > > I would also strongly favour a more "integrated" setup (if that > > requires having it in base is a different question, though). A few > > weeks ago I used nss-pam-ldapd instead of pam_ldap and nss_ldap for > > the first time, and it appeared to work with a bit less of a hassle > > for me (otoh, I don't do any funky things here, I just need a > > replacement for what we did with NIS something like 20 years ago). >=20 > +1 > I just had to reinstall certs for my server. which means copying=20 > certs to several places (in a default config) > sendmail and syrus ad openssl (base) all look in different places. > you COULD make them all look in the same place > but that requires undersanding what is going on and not just cribbing=20 > the config file off the net somewhere. I use dhcpd to pass that configuration. On system startup, dhclient asks to dhcpd server the ip, time-ntp, dns, and configuration for its current job (pkgs/ports to install, apache conf, postgres conf, certs, etc.= .) depending on it's intended current use. I followed an old paper from EuroBSDCon,... this http://2004.eurobsdcon.org/uploads/media/EBSD04_slides_41.pdf to do the setup. Easier and faster (at least for me) than ldap and related for server setup. For user management, don't know, I don't have jelly users, only daemons. >=20 > I think ports and pkg are fine, but we need to have some more thought=20 > put into how they all go together. --- --- Eduardo Morras