From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: tuhs-bounces@minnie.tuhs.org X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,SUBJ_ALL_CAPS autolearn=no autolearn_force=no version=3.4.2 Received: from minnie.tuhs.org (minnie.tuhs.org [45.79.103.53]) by inbox.vuxu.org (OpenSMTPD) with ESMTP id 096edcf0 for ; Tue, 6 Nov 2018 00:33:36 +0000 (UTC) Received: by minnie.tuhs.org (Postfix, from userid 112) id 95573A2444; Tue, 6 Nov 2018 10:33:35 +1000 (AEST) Received: from minnie.tuhs.org (localhost [127.0.0.1]) by minnie.tuhs.org (Postfix) with ESMTP id 8B75EA2431; Tue, 6 Nov 2018 10:33:18 +1000 (AEST) Received: by minnie.tuhs.org (Postfix, from userid 112) id A1FACA215E; Tue, 6 Nov 2018 09:07:56 +1000 (AEST) Received: from tncsrv06.tnetconsulting.net (tncsrv06.tnetconsulting.net [45.33.28.24]) by minnie.tuhs.org (Postfix) with ESMTPS id 3DBDCA1FBC for ; Tue, 6 Nov 2018 09:07:51 +1000 (AEST) Received: from Contact-TNet-Consulting-Abuse-for-assistance by tncsrv06.tnetconsulting.net (8.15.2/8.15.2/Debian-3) with ESMTPSA id wA5N7noc025285 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for ; Mon, 5 Nov 2018 17:07:50 -0600 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=tnetconsulting.net; s=2015; t=1541459270; bh=9jlr5mRYZbsBMkBOaGDaJrpbTySF7lc/isX5onigi4o=; h=Subject:To:References:From:Message-ID:Date:User-Agent: MIME-Version:In-Reply-To:Content-Type:Cc:Content-Disposition: Content-Language:Content-Transfer-Encoding:Content-Type:Date:From: In-Reply-To:Message-ID:MIME-Version:References:Reply-To: Resent-Date:Resent-From:Resent-To:Resent-Cc:Sender:Subject:To: User-Agent; b=gvmH+yBvIQG1Qngo2b/gTQX3ixJVshCj1EoET7P9LE066sFW91fi8e+TFMp6H6kKe vuStyS/0wN1nUdZGp9vXDc6yBqtPVqJ7RGUtBBKFgeMIyQ2og8cj+TOkjflseCByDe npPzqsB59ugzqlHKkFMlzy4ZMQRRvgChFa7qGVK8= To: tuhs@minnie.tuhs.org References: Organization: TNet Consulting Message-ID: <6a64b957-5912-b102-c73c-d0b71bd24188@spamtrap.tnetconsulting.net> Date: Mon, 5 Nov 2018 16:07:49 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms010903060006050406020705" Subject: Re: [TUHS] YP / NIS / NIS+ / LDAP X-BeenThere: tuhs@minnie.tuhs.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: The Unix Heritage Society mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Grant Taylor via TUHS Reply-To: Grant Taylor Errors-To: tuhs-bounces@minnie.tuhs.org Sender: "TUHS" This is a cryptographically signed message in MIME format. --------------ms010903060006050406020705 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 11/05/2018 01:48 PM, A. P. Garcia wrote: > Yes, that's exactly what Active Directory does and does well, so why=20 > shun it? I'd be interested in knowing where a pure unix environment=20 > exists, beyond my imagination and dreams that is. Ah. Let me describe it this way: LAN with a mixture of Windows and Linux /workstations/ that doesn't=20 include a Windows /server/ to provide the AD resources (DNS, LDAP,=20 Kerberos, etc.) I guess it could be said that Samba4 acting as an AD DC might be the=20 proper choice here. But that sounds like some hassle without the=20 typical Windows GUI tools for administering AD. - I've also never done = that, so the unknown quantity is a bit deterrent. I can also see having multiple Linux machines in a network without any=20 other OS. Possibly a cluster of Raspberry Pi Zeros on a Cluster Hat.=20 }:-) Use the underlying Pi as the gateway and infrastructure device,=20 including the directory. The point being, there are environments with multiple Linux (Unix)=20 machines that don't have ready access to AD. Thus my asking about the=20 Unix (Linux) native method. > Linux is pretty much a first class citizen in a Windows world=20 > today. Samba4 can act as a domain controller, but I don't know how=20 > practical that solution is, how well it scales, or what kind of support= =20 > exists. It uses the same standard protocols as AD. I feel like standing up AD, be it on Windows Server or Linux with=20 Samba4, is applying a Windows centric solution to Linux (Unix) systems.=20 I think this is acceptable if there is already Windows ~> AD in the mix. = But that's not always the case. I also loath the idea that Unix (Linux) doesn't have a stand alone=20 central directory server solution. Or if LDAP + Kerveros is said=20 solution, so be it. - That's sort of what I'm trying to figure out. > I do dread the day that Microsoft introduces "Group Policy for Linux", = > if they haven't already. I'm fairly certain that group policy objects do exist for Linux AD=20 clients. I think they are just simpler and can do far fewer things. I=20 think they also effectively map to the standard things that we could=20 already do in Linux. It's just behind a Microsoft MMC snap-in to edit GP= Os. > Also, I like Powershell and was stoked when they introduced it to Linux= ,=20 > but I've personally been resisting its use to manage Linux servers,=20 > perhaps for no good reason. I know a couple of people that have messed with PowerShell on Linux.=20 One of whom actually prefers PowerShell to Bash (et al) for scripting.=20 He stated that things are stored in data structures in PowerShell, and=20 as such were easier to manipulate and work with, compared to=20 unstructured data in STDIN / STDOUT. He also stated that PowerShell was functionally just another shell for=20 doing things on Linux. In some ways, quite similar to moving between=20 /bin/sh, /bin/bash, /bin/zsh, etc. Obviously interacting with the shell = is different. But you're still calling Linux commands to do core=20 things. The glue is just different. > Yesterday I read that MS is starting to develop SysInternals-like tools= =20 > for Linux. They own GitHub. Like it or not, they're not going away.=20 > They're going to continue diluting the waters between Windows and Linux= =20 > more and more. Resistance is futile. I was more meaning environments that don't include Windows Server, not=20 meaning to shun Windows. Translation: What is the current Unix (Linux) method to provide central = user directory / authentication for about a dozen Unix (Linux / Solaris=20 / *BSD / AIX) systems /without/ a Windows Server in the mix. I don't=20 own a license for any version of Windows Server that supports AD. Nor=20 do I feel compelled to buy one. --=20 Grant. . . . unix || die --------------ms010903060006050406020705 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC CxcwggUpMIIEEaADAgECAhAIzwdZriPvq7FXSbc0jGReMA0GCSqGSIb3DQEBCwUAMIGXMQsw CQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxm b3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDE9MDsGA1UEAxM0Q09NT0RPIFJTQSBD bGllbnQgQXV0aGVudGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQTAeFw0xNzExMTcwMDAw MDBaFw0xODExMTcyMzU5NTlaMCsxKTAnBgkqhkiG9w0BCQEWGmd0YXlsb3JAdG5ldGNvbnN1 bHRpbmcubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvhfMhFM6CDAWL4Mg xrKLLbzTCILpI7uBzgG/HFXxV92MX4fba+pAotqOV8of7uF4YykVw94lCsOmFeVkb8VNSn6Q KSFbfnjXmYgU7XRtFHioTZihIynEXXI1LPMhnDXV9jCEzVvrlBx/6mSPdQcWhG1oMAlGd62w uu/CRE5U70LngVVat0wDJhdzrHxZabQlHhAPAvwMex8ObGDAkuieUCn5pQj2xqVKMB65vdcE ZydA8d8X8mvqHHOrEOg5xIwpca7E4JeUMxzYrdp3kVS7V+wXUui1nPwMb6o8WUe72FnL27BY mGqmtUGUc/ajGDUMS4xvabJ0M4Qc/NVGf56qDwIDAQABo4IB2jCCAdYwHwYDVR0jBBgwFoAU gq9sjPjF/pZhfOgfPStxSF7Ei8AwHQYDVR0OBBYEFD8vJWpDFBkhAbiZGgx0EIUgH1EoMA4G A1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMEBggrBgEF BQcDAjBGBgNVHSAEPzA9MDsGDCsGAQQBsjEBAgEDBTArMCkGCCsGAQUFBwIBFh1odHRwczov L3NlY3VyZS5jb21vZG8ubmV0L0NQUzBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLmNv bW9kb2NhLmNvbS9DT01PRE9SU0FDbGllbnRBdXRoZW50aWNhdGlvbmFuZFNlY3VyZUVtYWls Q0EuY3JsMIGLBggrBgEFBQcBAQR/MH0wVQYIKwYBBQUHMAKGSWh0dHA6Ly9jcnQuY29tb2Rv Y2EuY29tL0NPTU9ET1JTQUNsaWVudEF1dGhlbnRpY2F0aW9uYW5kU2VjdXJlRW1haWxDQS5j cnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTAlBgNVHREEHjAcgRpn dGF5bG9yQHRuZXRjb25zdWx0aW5nLm5ldDANBgkqhkiG9w0BAQsFAAOCAQEArDRhn6+otAvz JNgWiGsEeKawiBwqIlR8NSoiOpNYfpmZWS7A+X2mn/47nUT1KypbS3Mf8j8N1rf/FU53p0So WBsnqPAYajAaLjXnGoOEs8pOW0nK/vFYGJHdh8RXvxpPBOd7HUQCqsc4MGJUgasfrWdwqfAZ C1C0G7rNxY5Uvj8RFBPb7d+RfOaegUBMc5FDiXB3Xs43lUEWoWiMi6R3Y5PlQyrvLJB39cLw iLWlOom79addldgAaWZsxnwUDgQgth5ARr1Jw+nfNIimmauAtxDJMgaV17B4ODeuHI1jlPoG HS4+u/qVAwSYq4vtaCN1PSPHwqrrnERAj40c6yPyvzCCBeYwggPOoAMCAQICEGqb4Tg7/ytr nwHV2binUlYwDQYJKoZIhvcNAQEMBQAwgYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVh dGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBM aW1pdGVkMSswKQYDVQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4X DTEzMDExMDAwMDAwMFoXDTI4MDEwOTIzNTk1OVowgZcxCzAJBgNVBAYTAkdCMRswGQYDVQQI ExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9E TyBDQSBMaW1pdGVkMT0wOwYDVQQDEzRDT01PRE8gUlNBIENsaWVudCBBdXRoZW50aWNhdGlv biBhbmQgU2VjdXJlIEVtYWlsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA vrOeV6wodnVAFsc4A5jTxhh2IVDzJXkLTLWg0X06WD6cpzEup/Y0dtmEatrQPTRI5Or1u6zf +bGBSyD9aH95dDSmeny1nxdlYCeXIoymMv6pQHJGNcIDpFDIMypVpVSRsivlJTRENf+RKwrB 6vcfWlP8dSsE3Rfywq09N0ZfxcBa39V0wsGtkGWC+eQKiz4pBZYKjrc5NOpG9qrxpZxyb4o4 yNNwTqzaaPpGRqXB7IMjtf7tTmU2jqPMLxFNe1VXj9XB1rHvbRikw8lBoNoSWY66nJN/VCJv 5ym6Q0mdCbDKCMPybTjoNCQuelc0IAaO4nLUXk0BOSxSxt8kCvsUtQIDAQABo4IBPDCCATgw HwYDVR0jBBgwFoAUu69+Aj36pvE8hI6t7jiY7NkyMtQwHQYDVR0OBBYEFIKvbIz4xf6WYXzo Hz0rcUhexIvAMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMBEGA1UdIAQK MAgwBgYEVR0gADBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9D T01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggrBgEFBQcBAQRlMGMwOwYI KwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQUFkZFRydXN0Q0Eu Y3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJKoZIhvcNAQEM BQADggIBAHhcsoEoNE887l9Wzp+XVuyPomsX9vP2SQgG1NgvNc3fQP7TcePo7EIMERoh42aw GGsma65u/ITse2hKZHzT0CBxhuhb6txM1n/y78e/4ZOs0j8CGpfb+SJA3GaBQ+394k+z3ZBy WPQedXLL1OdK8aRINTsjk/H5Ns77zwbjOKkDamxlpZ4TKSDMKVmU/PUWNMKSTvtlenlxBhh7 ETrN543j/Q6qqgCWgWuMAXijnRglp9fyadqGOncjZjaaSOGTTFB+E2pvOUtY+hPebuPtTbq7 vODqzCM6ryEhNhzf+enm0zlpXK7q332nXttNtjv7VFNYG+I31gnMrwfHM5tdhYF/8v5UY5g2 xANPECTQdu9vWPoqNSGDt87b3gXb1AiGGaI06vzgkejL580ul+9hz9D0S0U4jkhJiA7EuTec P/CFtR72uYRBcunwwH3fciPjviDDAI9SnC/2aPY8ydehzuZutLbZdRJ5PDEJM/1tyZR2niOY ihZ+FCbtf3D9mB12D4ln9icgc7CwaxpNSCPt8i/GqK2HsOgkL3VYnwtx7cJUmpvVdZ4ognzg Xtgtdk3ShrtOS1iAN2ZBXFiRmjVzmehoMof06r1xub+85hFQzVxZx5/bRaTKTlL8YXLI8nAb R9HWdFqzcOoB/hxfEyIQpx9/s81rgzdEZOofSlZHynoSMYIENTCCBDECAQEwgawwgZcxCzAJ BgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZv cmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMT0wOwYDVQQDEzRDT01PRE8gUlNBIENs aWVudCBBdXRoZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBAhAIzwdZriPvq7FXSbc0 jGReMA0GCWCGSAFlAwQCAQUAoIICWTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqG SIb3DQEJBTEPFw0xODExMDUyMzA3NDlaMC8GCSqGSIb3DQEJBDEiBCDB6CLLmvIoF/XHxMQf vHyouwZ5kjUH86qH3Nxa25nVPDBsBgkqhkiG9w0BCQ8xXzBdMAsGCWCGSAFlAwQBKjALBglg hkgBZQMEAQIwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcG BSsOAwIHMA0GCCqGSIb3DQMCAgEoMIG9BgkrBgEEAYI3EAQxga8wgawwgZcxCzAJBgNVBAYT AkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAY BgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMT0wOwYDVQQDEzRDT01PRE8gUlNBIENsaWVudCBB dXRoZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBAhAIzwdZriPvq7FXSbc0jGReMIG/ BgsqhkiG9w0BCRACCzGBr6CBrDCBlzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIg TWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0 ZWQxPTA7BgNVBAMTNENPTU9ETyBSU0EgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1 cmUgRW1haWwgQ0ECEAjPB1muI++rsVdJtzSMZF4wDQYJKoZIhvcNAQEBBQAEggEAHWYaIGLH 1E/PYiqFhem7KDvAwQp39gw9xGBi3+Qw0DyqohhQ1sHeo1CDckyn+0288QzEYYlZ8ALjLhxV tE1H93ZjgONdkp+J+1o5Xu9kTGSgE8N4165rPVZCogsiYM4cLEXAqW8w2wq0z7gSWxOhcLb8 QnyWfuFoCziooR8SW9Rf+b8qoOHnUkyho/zCs1eN/fy/fHLXcP78xyE0keEjNRr7MTb4EIa9 f5gIvmdC9WANSVSpTDriKT9B0lO4A5JMa0Tj+NP1aBb4zLmKQwJ4xmcYTv2BrDg4SO6ate9D aJj97Nl98DODyX/sMvS8dWRaYJQVO7u+vkVUvSL8jCiLZwAAAAAAAA== --------------ms010903060006050406020705--