Date: Sat, 13 Dec 2008 22:30:43 +0000
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl>
Cc: Nguyen Tam Chinh <unixvn@gmail.com>, freebsd-questions@freebsd.org
Subject: Re: Centralized DB of "system" users
Message-ID: <49443793.9030404@infracaninophile.co.uk>
In-Reply-To: <20081213225041.P44804@wojtek.tensor.gdynia.pl>
References: <139b44430812112348k5c51072ie771913c982f7cfe@mail.gmail.com> <49422A05.6050907@gmail.com> <ghtdp3$g0r$1@ger.gmane.org> <20081212120557.V3687@wojtek.tensor.gdynia.pl> <9bbcef730812120426t3c4b8a28q337c8379cd947702@mail.gmail.com> <20081212141156.E4001@wojtek.tensor.gdynia.pl> <139b44430812120527w7b22d8a1m860cbf308e4b67c3@mail.gmail.com> <ghtq19$o1f$1@ger.gmane.org> <64b284310812120645m6c5ee122mb0510014343eff3f@mail.gmail.com> <49442D1B.4000608@infracaninophile.co.uk> <20081213225041.P44804@wojtek.tensor.gdynia.pl>

Wojciech Puchar wrote:
>> Of course, as has been pointed out else-thread, LDAP is the way of the
>> future. It's much more scalable and interoperable between different OSes
>
> and much more overcomplex, mostly unneeded complexity IMHO. Please think
> twice before telling about "the way of the future". It's just one way,
> and I wish in "the future" I will still have a choice between many
> different tools and solutions, and be able to choose THE SIMPLEST for
> the problem, as I always do.
>
> As I didn't use NIS for some time and never in FreeBSD I can't tell
> more about this, but at first look problem of database format is
> trivial, as master.passwd could be converted to 2-file format with few
> lines of shell script, and it could be done periodically to make them up
> to date.
>
> Sorry if I missed something because I was some time ago.
>
> I just don't like overcomplex tools for simple tasks.

Funnily enough, I am actually in complete agreement with you. When I
said "The Way of the Future" -- that should be read with a certain degree
of irony. No one is going to remove the simpler ways of doing this stuff
any time soon, because the simple way is the right way for the vast majority
of cases. Almost all of the systems I have any administrative oversight of
just use local password databases and SSH keys for authentication.

I do have a few instances where we use an LDAP back-end to provide an
authentication database for various web sites or other applications. Here
the primary benefit is actually being able to build a distributed user DB
*without* having to give everybody local unix accounts. The benefits
outweigh the extra complexity involved.

Sure, LDAP is complicated, but it's of the same order of complexity as a
RDBMS system like MySQL. And like MySQL, there are right times, places
and ways to use it, and wrong ones too. Yes, there is a lot of complexity,
but that means there's a lot of flexibility too.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard, Flat 3
Ramsgate
Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey