Date: Tue, 28 Jun 2016 18:11:40 +0200 From: Eduardo Morras <emorrasg@yahoo.es> To: freebsd-hackers@freebsd.org Subject: Re: The small installations network filesystem and users. Message-ID: <20160628181140.933d144cd5d830275e4be6c3@yahoo.es> In-Reply-To: <761f82d3-ebe9-2cba-9499-049dafbc98df@freebsd.org> References: <CACpH0MdJ0YjtB-H5h-7u%2BdC%2BbbjVhN-Y7ejM7u7W-SL01qC3aA@mail.gmail.com> <9BB7E8B3-EC0E-457E-B2B2-FB80B1CF02B0@gmail.com> <CACpH0MfYAe4JG5r3QmZ7B9jZWR3DTf-Hfb8Xrq1JiKdGpG5i0Q@mail.gmail.com> <Pine.GSO.4.64.1606202130170.10181@sea.ntplx.net> <20160621075631.38c2eeaa7c224aa22ea9be4d@aei.mpg.de> <761f82d3-ebe9-2cba-9499-049dafbc98df@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 28 Jun 2016 21:04:45 +0800 Julian Elischer <julian@freebsd.org> wrote: > On 21/06/2016 1:56 PM, Gerrit K=FChn wrote: > > On Mon, 20 Jun 2016 22:00:31 -0400 (EDT) Daniel Eischen > > <deischen@freebsd.org> wrote about Re: The small installations > > network filesystem and users.: > > > > DE> We should support LDAP client out of the box, in base. What > > DE> sucks now is that we need 3 packages (plus their dependencies) > > DE> and multiple config files for ldap: > > DE> > > DE> pam_ldap > > DE> nss_ldap > > DE> openldap-client > > > > I only have to install/config ldap-clients every now and then, but > > I would also strongly favour a more "integrated" setup (if that > > requires having it in base is a different question, though). A few > > weeks ago I used nss-pam-ldapd instead of pam_ldap and nss_ldap for > > the first time, and it appeared to work with a bit less of a hassle > > for me (otoh, I don't do any funky things here, I just need a > > replacement for what we did with NIS something like 20 years ago). >=20 > +1 > I just had to reinstall certs for my server. which means copying=20 > certs to several places (in a default config) > sendmail and syrus ad openssl (base) all look in different places. > you COULD make them all look in the same place > but that requires undersanding what is going on and not just cribbing=20 > the config file off the net somewhere. I use dhcpd to pass that configuration. On system startup, dhclient asks to dhcpd server the ip, time-ntp, dns, and configuration for its current job (pkgs/ports to install, apache conf, postgres conf, certs, etc.= .) depending on it's intended current use. I followed an old paper from EuroBSDCon,... this http://2004.eurobsdcon.org/uploads/media/EBSD04_slides_41.pdf to do the setup. Easier and faster (at least for me) than ldap and related for server setup. For user management, don't know, I don't have jelly users, only daemons. >=20 > I think ports and pkg are fine, but we need to have some more thought=20 > put into how they all go together. --- --- Eduardo Morras <emorrasg@yahoo.es>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20160628181140.933d144cd5d830275e4be6c3>