From: Matthew Seaman
Date: Sat, 13 Dec 2008 22:30:43 +0000
To: Wojciech Puchar
Cc: Nguyen Tam Chinh, freebsd-questions@freebsd.org
Subject: Re: Centralized DB of "system" users

Wojciech Puchar wrote:
>> Of course, as has been pointed out else-thread, LDAP is the way of the
>> future. It's much more scalable and interoperable between different OSes
>
> and much more overcomplex, mostly unneeded complexity IMHO. Please think
> twice before telling about "the way of the future". It's just one way,
> and I wish in "the future" I will still have a choice between many
> different tools and solutions, and be able to choose THE SIMPLEST for
> the problem, as I always do.
>
> As I didn't use NIS for some time and never in FreeBSD I can't tell
> more about this, but at first look problem of database format is
> trivial, as master.passwd could be converted to 2-file format with few
> lines of shell script, and it could be done periodically to make them up
> to date.
>
> Sorry if I missed something because I was some time ago.
>
> I just don't like overcomplex tools for simple tasks.

Funnily enough, I am actually in complete agreement with you. When I
said "The Way of the Future" -- that should be read with a certain degree
of irony. No one is going to remove the simpler ways of doing this stuff
any time soon, because the simple way is the right way for the vast majority
of cases.
Almost all of the systems I have any administrative oversight
of just use local password databases and SSH keys for authentication.

I do have a few instances where we use an LDAP back-end to provide an
authentication database for various web sites or other applications. Here
the primary benefit is actually being able to build a distributed user DB
*without* having to give everybody local unix accounts. The benefits
outweigh the extra complexity involved.

Sure LDAP is complicated, but it's of the same order of complexity as
a RDBMS system like MySQL. And like MySQL, there are right times, places
and ways to use it, and wrong ones too. Yes, there is a lot of complexity,
but that means there's a lot of flexibility too.

	Cheers,

	Matthew

--
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
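
The master.passwd conversion mentioned in the quoted text, sketched as an added example that is not part of the original thread. It assumes the "2-file format" means a System V style passwd(5)/shadow(5) pair; the function names and the sample accounts are constructed for illustration.

```sh
#!/bin/sh
# Added example: split a BSD master.passwd into a passwd/shadow pair.
# Assumption: the "2-file format" is the System V style passwd(5) + shadow(5).

# Constructed sample input (not real accounts or hashes).
sample_master_passwd() {
    cat <<'EOF'
# $FreeBSD$
alice:$6$CONSTRUCTED$notarealhash:1001:1001::0:0:Alice Example:/home/alice:/bin/sh
bob:*LOCKED*:1002:1002:staff:0:1262304000:Bob Example:/home/bob:/bin/csh
EOF
}

# split_master_passwd MASTER PASSWD_OUT SHADOW_OUT  (hypothetical helper name)
# Runs in a subshell so the umask change does not leak into the caller.
split_master_passwd() (
    master=$1 pw=$2 shadow=$3
    umask 077
    : > "$pw" && : > "$shadow" || exit 1
    chmod 644 "$pw"      # world-readable, carries no hashes
    chmod 600 "$shadow"  # hashes live here: owner only
    awk -F: -v OFS=: -v pw="$pw" -v shadow="$shadow" '
        BEGIN { bad = 0 }
        /^#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
        NF != 10 {                              # refuse malformed records
            printf "line %d: expected 10 fields, got %d\n", NR, NF > "/dev/stderr"
            bad = 1; next
        }
        {
            # master.passwd: name:hash:uid:gid:class:change:expire:gecos:home:shell
            # expire is epoch seconds; shadow wants days since the epoch.
            days = ($7 + 0 > 0) ? int($7 / 86400) : ""
            print $1, "x", $3, $4, $8, $9, $10 > pw
            # shadow: name:hash:lastchg:min:max:warn:inactive:expire:reserved
            # class and change have no direct counterpart and are dropped.
            print $1, $2, "", "", "", "", "", days, "" > shadow
        }
        END { exit bad }
    ' "$master"
)

if [ $# -eq 3 ]; then split_master_passwd "$@"; fi
```

The split is lossy (login class and password-change deadline are dropped), and the function returns non-zero if any record does not have the ten master.passwd fields, so a periodic job can refuse to publish a partial result.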