The small installations network filesystem and users.
Eduardo Morras
emorrasg at yahoo.es
Tue Jun 28 16:11:45 UTC 2016
On Tue, 28 Jun 2016 21:04:45 +0800
Julian Elischer <julian at freebsd.org> wrote:
> On 21/06/2016 1:56 PM, Gerrit Kühn wrote:
> > On Mon, 20 Jun 2016 22:00:31 -0400 (EDT) Daniel Eischen
> > <deischen at freebsd.org> wrote about Re: The small installations
> > network filesystem and users.:
> >
> > DE> We should support LDAP client out of the box, in base. What
> > DE> sucks now is that we need 3 packages (plus their dependencies)
> > DE> and multiple config files for ldap:
> > DE>
> > DE> pam_ldap
> > DE> nss_ldap
> > DE> openldap-client
> >
> > I only have to install/config ldap-clients every now and then, but
> > I would also strongly favour a more "integrated" setup (if that
> > requires having it in base is a different question, though). A few
> > weeks ago I used nss-pam-ldapd instead of pam_ldap and nss_ldap for
> > the first time, and it appeared to work with a bit less of a hassle
> > for me (otoh, I don't do any funky things here, I just need a
> > replacement for what we did with NIS something like 20 years ago).
>
> +1
> I just had to reinstall certs for my server. which means copying
> certs to several places (in a default config)
> sendmail and syrus ad openssl (base) all look in different places.
> you COULD make them all look in the same place
> but that requires undersanding what is going on and not just cribbing
> the config file off the net somewhere.
I use dhcpd to pass that configuration. On system startup, dhclient
asks to dhcpd server the ip, time-ntp, dns, and configuration for its
current job (pkgs/ports to install, apache conf, postgres conf, certs, etc..)
depending on it's intended current use. I followed an old paper from
EuroBSDCon,... this
http://2004.eurobsdcon.org/uploads/media/EBSD04_slides_41.pdf to do the
setup. Easier and faster (at least for me) than ldap and related for
server setup. For user management, don't know, I don't have jelly
users, only daemons.
>
> I think ports and pkg are fine, but we need to have some more thought
> put into how they all go together.
--- ---
Eduardo Morras <emorrasg at yahoo.es>
More information about the freebsd-hackers
mailing list