Wojciech Puchar wrote:
Of course, as has been pointed out else-thread, LDAP is the way of the future. It's much more scalable and interoperable between different OSesand much more overcomplex, mostly unneeded complexity IMHO. Please think twice before telling about "the way of the future". It's just one way, and i wish in "the future" i will still have a choice between many different tools and solutions, and be able to choose THE SIMPLEST for the problem, as i always do.As i didn't use NIS for a some time and never in FreeBSD i can't tell more about this, but at first look problem of database format is trivial, as master.passwd could be converted to 2-file format with few lines of shell script, and i could be done periodically to make them up to date.Sorry if i missed something because i was some time ago. I just don't like overcomplex tools for simple tasks.
Funnily enough, I am actually in complete agreement with you. When I said "The Way of the Future" -- that should be read with a certain degree of irony. No one is going to remove the simpler ways of doing this stuff any time soon, because the simple way is the right way for the vast majority of cases. Almost all of the systems I have any administrative oversight of just use local password databases and SSH keys for authentication.I do have a few instances where we use an LDAP back-end to provide an authentication database for various web sites or other applications. Here
the primary benefit is actually being able to build a distributed user DB *without* having to give everybody local unix accounts. The benefits outweigh the extra complexity involved. Sure LDAP is complicated, but it's of the same order of complexity as a RDBMS system like MySQL. And like MySQL, there are right times, places and ways to use it, and wrong ones too. Yes, there is a lot of complexity, but that means there's a lot of flexibility too. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW
Description: OpenPGP digital signature