From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: tuhs-bounces@minnie.tuhs.org
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_NONE,SUBJ_ALL_CAPS autolearn=no autolearn_force=no
	version=3.4.2
Received: from minnie.tuhs.org (minnie.tuhs.org [45.79.103.53])
	by inbox.vuxu.org (OpenSMTPD) with ESMTP id 9091c48e
	for <ml@inbox.vuxu.org>;
	Sun, 4 Nov 2018 23:44:09 +0000 (UTC)
Received: by minnie.tuhs.org (Postfix, from userid 112)
	id 85702A2226; Mon,  5 Nov 2018 09:44:08 +1000 (AEST)
Received: from minnie.tuhs.org (localhost [127.0.0.1])
	by minnie.tuhs.org (Postfix) with ESMTP id 904C0A23F6;
	Mon,  5 Nov 2018 09:43:53 +1000 (AEST)
Received: by minnie.tuhs.org (Postfix, from userid 112)
 id 8531EA21D9; Mon,  5 Nov 2018 08:59:11 +1000 (AEST)
Received: from mail-oi1-f176.google.com (mail-oi1-f176.google.com
 [209.85.167.176])
 by minnie.tuhs.org (Postfix) with ESMTPS id 2FEE7A1FBC
 for <tuhs@minnie.tuhs.org>; Mon,  5 Nov 2018 08:59:06 +1000 (AEST)
Received: by mail-oi1-f176.google.com with SMTP id y192-v6so5913873oie.8
 for <tuhs@minnie.tuhs.org>; Sun, 04 Nov 2018 14:59:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=cf2oYahL0sJUr4TBQ129U3wjGnLBBCWPNF4OWCUtNwo=;
 b=Us1mrCOKcYSlg5tyxC7XbhLKk3zNcsrGG3hneO6xJUetT/41RWdid2h49XF0YmHHR3
 q5f1zktTW5CxLL77SfZ96VUwfGh8Py9ZAiQTaoMjjLwF/GtDKlHBGLEaEtFj4EPirSCc
 pChQXEg6KvtQskfxfKomVWpx5+GHi4JAKl8w99OhtpeR7HyzlyMbpRIusQwFo0I835U6
 R/ndAMHFtL1DYUUqc3USanMRUiDZLemH1xsCXIzRgWmcLOpWJArfM5hjbSiuwsNAZZjO
 MesPzMV0MwJwMOOQIq9zuXRaM9cTXAe1aK3rfQDDQSZwzvcKddckbDCj5k+t/XT7n2Si
 siKw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=cf2oYahL0sJUr4TBQ129U3wjGnLBBCWPNF4OWCUtNwo=;
 b=WzDs2TQLO8PsJ2xB840K5M9bRKATnDY/Cn+xhTQQwxtfkDN75mZ0Sf0qL4/qpHtG2P
 99fVxU9bISPevCl4j82m3jaFdLJGVPwY3ToIvgmAwNgvPjXnT5KNTrejxRSIB134P4wf
 jR1dFS9XqardA7tAQcPUWDFXTbh2hwoQoav2KKMZmenjP2EXMLSiPXjekYGNljEklsOU
 JvSUEKvrvpmMTS2LqIp/WFIIhhe3pLILYRKeakotBUrY2EJQ6Cq5U4WnU0B3jKkNAzf2
 WYYhOHTpEFNDBFGbxh07lZJWXOu9+oi7ccIKAVx0+JLGYQ1omYCAiqH0DKWXK7SZj0BP
 /wXw==
X-Gm-Message-State: AGRZ1gIjbRW+Vevlh20uyRbnSjmoLys9rTDNehgZJQ+FToA0S7M9kl9b
 Eg7aamb5m3bcAkKOwEj97s1F+AjoBZf8HLkqVe+tLnFI
X-Google-Smtp-Source: AJdET5fZdWADoOOlrR4aZbHo95xIJcIQAJZHZHRVFkW0HOhq09Q5UrVR4Bcd/BQXY15DGM21CVZto0yp7Otz6a31tiI=
X-Received: by 2002:aca:ce47:: with SMTP id
 e68-v6mr12007022oig.83.1541372345092; 
 Sun, 04 Nov 2018 14:59:05 -0800 (PST)
MIME-Version: 1.0
References: <f99e4c98-d584-d823-a581-0d6c3b9c3420@spamtrap.tnetconsulting.net>
In-Reply-To: <f99e4c98-d584-d823-a581-0d6c3b9c3420@spamtrap.tnetconsulting.net>
From: =?UTF-8?Q?Mantas_Mikul=C4=97nas?= <grawity@gmail.com>
Date: Mon, 5 Nov 2018 00:58:53 +0200
Message-ID: <CAPWNY8UPFuK2B=gBVE4JwQVrpDvDu10_ngtCFoNVHjeZAnG0yA@mail.gmail.com>
To: gtaylor@tnetconsulting.net
Content-Type: multipart/alternative; boundary="00000000000018924d0579deb790"
Subject: Re: [TUHS] YP / NIS / NIS+ / LDAP
X-BeenThere: tuhs@minnie.tuhs.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: The Unix Heritage Society mailing list <tuhs.minnie.tuhs.org>
List-Unsubscribe: <https://minnie.tuhs.org/cgi-bin/mailman/options/tuhs>,
 <mailto:tuhs-request@minnie.tuhs.org?subject=unsubscribe>
List-Archive: <http://minnie.tuhs.org/pipermail/tuhs/>
List-Post: <mailto:tuhs@minnie.tuhs.org>
List-Help: <mailto:tuhs-request@minnie.tuhs.org?subject=help>
List-Subscribe: <https://minnie.tuhs.org/cgi-bin/mailman/listinfo/tuhs>,
 <mailto:tuhs-request@minnie.tuhs.org?subject=subscribe>
Cc: tuhs@minnie.tuhs.org
Errors-To: tuhs-bounces@minnie.tuhs.org
Sender: "TUHS" <tuhs-bounces@minnie.tuhs.org>

--00000000000018924d0579deb790
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Sun, Nov 4, 2018 at 11:34 PM Grant Taylor via TUHS <tuhs@minnie.tuhs.org=
>
wrote:

> Does anyone have any experience with YP / NIS / NIS+ / LDAP as a central
> directory on Unix?
>
> I'm contemplating playing with them for historical reasons.
>
> As such, I'm wondering what the current evolution is for a pure Unix
> environment.  Read:  No Active Directory.  Is there a current central
> directory service for Unix (or Linux)?  If so, what is it?
>
> I'm guessing it's LDAP combined with Kerberos, but I'm not sure.
>

As far as I know, LDAP is very much in use in the Linux world =E2=80=93 via=
 nslcd
or SSSD as clients; OpenLDAP (blech) or 389-ds as "build from scratch"
servers. There's also FreeIPA which tries to be an integrated solution.
(But even if you seek a pure Linux/Unix environment, I suspect AD is what
keeps LDAP from being replaced =E2=80=93 because as long as there are clien=
ts for
AD, there will be clients for pure LDAP as well.)

Kerberos exists too, but somewhat less common =E2=80=93 FreeIPA includes it=
 by
default, but many people just piggyback on LDAP bind as password-based
authentication and use SSH keys for passwordless (because apparently
protocols other than SSH and HTTPS don't exist anymore). The MIT Kerberos 5
suite is still actively maintained and receives new features, such as
S-PAKE), whereas Heimdal appears to be on life support.

(Speaking of zombies, Linux glibc still comes with Hesiod support built
in...)

Many people's idea of a central directory nowadays appears to be "deploy an
/etc/passwd via Salt or Ansible".

--=20
Mantas Mikul=C4=97nas

--00000000000018924d0579deb790
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div class=3D"gmail_quote"><div dir=3D"ltr">On Sun, Nov 4,=
 2018 at 11:34 PM Grant Taylor via TUHS &lt;<a href=3D"mailto:tuhs@minnie.t=
uhs.org" target=3D"_blank">tuhs@minnie.tuhs.org</a>&gt; wrote:<br></div><bl=
ockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #=
ccc solid;padding-left:1ex">Does anyone have any experience with YP / NIS /=
 NIS+ / LDAP as a central <br>
directory on Unix?<br>
<br>
I&#39;m contemplating playing with them for historical reasons.<br>
<br>
As such, I&#39;m wondering what the current evolution is for a pure Unix <b=
r>
environment.=C2=A0 Read:=C2=A0 No Active Directory.=C2=A0 Is there a curren=
t central <br>
directory service for Unix (or Linux)?=C2=A0 If so, what is it?<br>
<br>
I&#39;m guessing it&#39;s LDAP combined with Kerberos, but I&#39;m not sure=
.<br></blockquote><div><br></div><div>As far as I know, LDAP is very much i=
n use in the Linux world =E2=80=93 via nslcd or SSSD as clients; OpenLDAP (=
blech) or 389-ds as &quot;build from scratch&quot; servers. There&#39;s als=
o FreeIPA which tries to be an integrated solution. (But even if you seek a=
 pure Linux/Unix environment, I suspect AD is what keeps LDAP from being re=
placed =E2=80=93 because as long as there are clients for AD, there will be=
 clients for pure LDAP as well.)</div><div><br></div><div>Kerberos exists t=
oo, but somewhat less common =E2=80=93 FreeIPA includes it by default, but =
many people just piggyback on LDAP bind as password-based authentication an=
d use SSH keys for passwordless (because apparently protocols other than SS=
H and HTTPS don&#39;t exist anymore). The MIT Kerberos 5 suite is still act=
ively maintained and receives new features, such as S-PAKE), whereas Heimda=
l appears to be on life support.</div><div><br></div><div><div>(Speaking of=
 zombies, Linux glibc still comes with Hesiod support built in...)</div></d=
iv><div><br></div><div>Many people&#39;s idea of a central directory nowada=
ys appears to be &quot;deploy an /etc/passwd via Salt or Ansible&quot;.</di=
v><div><br></div></div>-- <br><div dir=3D"ltr" class=3D"m_-4801771535548126=
741gmail_signature" data-smartmail=3D"gmail_signature"><div dir=3D"ltr">Man=
tas Mikul=C4=97nas</div></div></div>

--00000000000018924d0579deb790--