The small installations network filesystem and users.

Zaphod Beeblebrox zbeeble at gmail.com
Tue Jun 21 00:58:19 UTC 2016


On Mon, Jun 20, 2016 at 6:11 PM, Chris Watson <bsdunix44 at gmail.com> wrote:

> I'm glad you brought this up. I wanted to but I've heard it before on the
> lists and realize that there is this disconnect between the developers
> doing the actual work to implement these things and the end users.
>
> [...]

>
> There was a photo from bsdcan this year of a "sysadmin spotting" shirt. If
> you read the text on it you actually begin to see how systemic and
> difficult actually using and configuring most software is. It's probably a
> good reason most developers use macs. In addition to better HW support. I'm
> not sure what the solution to this is. I think it would be great if beta
> testers and the developers had a closer connection and issues were handles
> in a timely manner. But in a volunteer project I get why that is
> unreasonable. But I mean go through the bug database and you can see PRs
> that are years old. I don't know. I just know I'm getting to old to spend
> all day beating my head against software to get it working. Honestly if I
> have to spend over an hour reading crap docs all over the net because your
> manpage make no sense or is vague, trying to configure the software, your
> software sucks and I'm rm'ing it. I recently went through this with
> opensmtpd. I went right back to postfix. And all over something as simple
> or should be as simple as mail aliases!
>
>
Not exactly where I expected this post to go, but for the record, I was at
BSDCan this year.  When I can get my head around something, I have
submitted patches (ethernet drivers, netgraph, softupdate bugs
(back-in-the-day), many ports and a few userland utilities).  I'm not
exactly a user who chucks things and installs linux.  I even run a full on
ADSL-providing ISP on FreeBSD without help from any non-FreeBSD product
other than my core switch.

That-all-said, authentication is a possible huge win.  I was recently
involved in a deployment of ubuntu that included LDAP and even though it
was a mess, it eventually was hammered into working.  Ubuntu and the
implementation were not my choice, but you do-what-you're-told when someone
else is paying the bill.  Honestly, I don't know how I would have pitched
FreeBSD there.  Not even ubuntu itself had LDAP right.  It was a
combination of third parties.  Even with that gigantic head start, LDAP was
a bear --- but AFAICT, LDAP is _required_ for NFSv4 deployments.  Now, LDAP
without Winblows is slightly less of a bear, _but_

Maybe this dovetails with a subtext at BSDCan's keysigning BOF: that many
projects risk irrelevance with their complexity.  It's not that I believe
complex setups are bad.  But simple things need be simple.  I have 3
machines at home (for instance) and a cluster of 8 machines in colo (run
the ISP).  On my 3 machines at home, I run NFSv3 because it works and I can
get it setup. I'd like to run NFSv4 because then my windows machines would
look at it, but I run SMB instead (v3, no less) because it roughly works.
So at home... I have three machines and a fairly liberal hacking time
budget.  I have failed at LDAP several times.  I'm back to copying the
master.password file around because that works.  I don't like it, but it
works.  It seems like the breakeven for LDAP effort vs. scp master.password
is somewhere around 50 machines.  -ish.

I realize the real problem is that authentication has become more complex
in the world since networks can't be trusted.  I have to wonder if we're
getting back closer to that now with all the tunneling on wifi and campus
networks.  Sigh.  I'm starting to feel like this whole post has no purpose.


More information about the freebsd-fs mailing list