Centralized DB of "system" users

Matthew Seaman m.seaman at infracaninophile.co.uk
Sat Dec 13 14:30:56 PST 2008


Wojciech Puchar wrote:
>> Of course, as has been pointed out else-thread, LDAP is the way of the 
>> future.  It's much more scalable and interoperable between different OSes
> 
> and much more overcomplex, mostly unneeded complexity IMHO. Please think 
> twice before telling about "the way of the future". It's just one way, 
> and I wish in "the future" I will still have a choice between many 
> different tools and solutions, and be able to choose THE SIMPLEST for 
> the problem, as I always do.
> 
> As I didn't use NIS for some time and never in FreeBSD I can't tell 
> more about this, but at first look problem of database format is 
> trivial, as master.passwd could be converted to 2-file format with few 
> lines of shell script, and it could be done periodically to make them up 
> to date.
> 
> Sorry if I missed something because I was some time ago.
> 
> I just don't like overcomplex tools for simple tasks.

Funnily enough, I am actually in complete agreement with you.  When I
said "The Way of the Future" -- that should be read with a certain degree
of irony.  No one is going to remove the simpler ways of doing this stuff
any time soon, because the simple way is the right way for the vast majority
of cases.  Almost all of the systems I have any administrative oversight of
just use local password databases and SSH keys for authentication.

I do have a few instances where we use an LDAP back-end to provide an 
authentication database for various web sites or other applications. Here
the primary benefit is actually being able to build a distributed user
DB *without* having to give everybody local unix accounts.  The benefits
outweigh the extra complexity involved.

Sure LDAP is complicated, but it's of the same order of complexity as a
RDBMS system like MySQL.   And like MySQL, there are right times, places
and ways to use it, and wrong ones too.  Yes, there is a lot of complexity,
but that means there's a lot of flexibility too.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                 Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                 Kent, CT11 9PW

