From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: tuhs-bounces@minnie.tuhs.org X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=0.9 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,SUBJ_ALL_CAPS autolearn=no autolearn_force=no version=3.4.2 Received: from minnie.tuhs.org (minnie.tuhs.org [45.79.103.53]) by inbox.vuxu.org (OpenSMTPD) with ESMTP id b3ef1170 for ; Mon, 5 Nov 2018 04:16:25 +0000 (UTC) Received: by minnie.tuhs.org (Postfix, from userid 112) id A1D97A22FA; Mon, 5 Nov 2018 14:16:24 +1000 (AEST) Received: from minnie.tuhs.org (localhost [127.0.0.1]) by minnie.tuhs.org (Postfix) with ESMTP id 60191A2161; Mon, 5 Nov 2018 14:16:01 +1000 (AEST) Received: by minnie.tuhs.org (Postfix, from userid 112) id 9C009A2154; Mon, 5 Nov 2018 13:23:04 +1000 (AEST) X-Greylist: delayed 349 seconds by postgrey-1.35 at minnie.tuhs.org; Mon, 05 Nov 2018 13:23:03 AEST Received: from castor.opentrend.net (li1631-87.members.linode.com [172.104.51.87]) by minnie.tuhs.org (Postfix) with ESMTP id 80308A1FBC for ; Mon, 5 Nov 2018 13:23:03 +1000 (AEST) Received: from mira.opentrend.net (mira.opentrend.net [119.18.33.224]) by castor.opentrend.net (Postfix) with ESMTP id CAAB95A05C; Mon, 5 Nov 2018 03:17:10 +0000 (UTC) Date: Mon, 5 Nov 2018 13:16:54 +1000 (AEST) From: Robert Brockway X-X-Sender: robert@mira.opentrend.net To: Grant Taylor In-Reply-To: Message-ID: References: User-Agent: Alpine 2.20 (DEB 67 2015-01-07) MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset=US-ASCII Subject: Re: [TUHS] YP / NIS / NIS+ / LDAP X-BeenThere: tuhs@minnie.tuhs.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: The Unix Heritage Society mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: The Unix Heritage Society Errors-To: tuhs-bounces@minnie.tuhs.org Sender: "TUHS" On Sun, 4 Nov 2018, Grant Taylor via TUHS wrote: > Does anyone have any experience with YP / NIS / NIS+ / LDAP as a central > directory on Unix? I used NIS a lot in the 90s and early 2000s. I think it continues to be underrated. The main gripe people had was lack of security but if all of the hosts were in the same security domain anyway it wouldn't matter. Integrated very well with NFS on Solaris & Linux for me back in the day. NIS+ is awful. Let us not speak of it again. I did a lot of LDAP around 2007-2010. I got quite good at writing filters as we were using for a lot more than juse user auth. Most installations I'm seeing today auth to AD, which is of course now supported. > I'm contemplating playing with them for historical reasons. > > As such, I'm wondering what the current evolution is for a pure Unix > environment. Read: No Active Directory. Is there a current central > directory service for Unix (or Linux)? If so, what is it? In my experience LDAP is preferred in a pure *nix environment these days. I've never played much with Kerberos. There is another option that is largely ignored... Increasingly *nix systems are managed through orchestration tools like Puppet or Ansible. One option is to build the user account details from an AD or LDAP backend on the orchestration server and write it out locally on the *nix boxes. The *nix boxes just auth locally but still gain the benefit of dynamically managed users. There are advantages and disavantages of this outside the scope of this list. Cheers, Rob