I have worked with Marcelo Araujo to port OpenBSD's ypldap to FreeBSD.

In latest current, it should be possible to put in /etc/rc.conf:

to activate the ypldap daemon.

When set up properly, it should be possible to log into FreeBSD, with
the backend password database coming from an LDAP database such
as OpenLDAP.

There is some documentation for setting this up, but it is OpenBSD


I did not bother porting the OpenBSD LDAP server to FreeBSD, so that
does not apply.  I figure that openldap from ports should work fine.

I was wondering if there is someone out there familiar enough with
and has a setup they can test this stuff out with, provide feedback,
improve the documentation for FreeBSD?

Looks like it would be a fun weekend project.  I've cc'ed a potential
person who may be interested in this as well.

But will this be worth the effort? (I think the current implementation
would do everything with a plaintext protocol over the wire, so while it
extends life for legacy applications that are still using NIS/YP, it
doesn't seem to be something that we should recommend end users use?)

I can see two good points for using ypldap, which would basically be for users
that need to migrate from NIS to LDAP or need to make some integration
between legacy (NIS) and LDAP during a transition period to LDAP.

As mentioned, NIS is 'plain text' and not safe by its nature; however, there
are still lots of people out there using NIS, and ypldap(8) is a good tool to
help these people migrate to a safer tool like LDAP.

I would also be interested in hearing from someone who can see if
ypldap can work against a Microsoft Active Directory setup?


All my tests were using OpenLDAP. I used the OpenBSD documentation to
everything, and the file share/examples/ypldap/ypldap.conf can be a good
start for anybody that wants to start working with ypldap(8).

It would be nice to hear from other users how their experience was using ypldap
with MS Active Directory, and perhaps some HOWTO on how they made all the
would be amazing to have.

Also, it would be useful to know who is still using NIS and what kind of
setup (use case), maybe even the reason why they are still using it.

Honestly, I think the best way to motivate people to do the right
thing(tm) would be to remove Yellow Pages from the tree, entirely. :-)
It's been dead for *years*, and as you say, isn't safe, anyway..

Yes, I have a plan for that, but I don't believe it will happen before

Please don't, at least for now. NIS is fast, simple, reliable, and works
on first boot without additional software. I have passwords in
Kerberos, so the usual cons don't apply. This is very valuable to me.

It's not hurting anyone. What's the motivation behind removing it?

In all honesty, my comment was somewhat tongue-in-cheek. But from
a purely maintenance POV, at this point in time, I think the Yellow
Pages are better suited for the ports tree than in $BASE.

It will be hard to wean people off of NIS as long as KGSSAPI is
disabled in GENERIC.  Does anybody know why it isn't enabled by

Because it's just a `kldload kgssapi` away. Put it in loader.conf or rc.conf depending on your needs/preferences.
