Re: Syncing 3 Freebsd servers' accounts Question
Dick Davies wrote:

>> O'Reilly has a really good book on LDAP, "LDAP System Administration" -
>> includes a chapter on how to migrate from NIS to LDAP.
>
> IMO that's one of the few bad O'Reilly books
>
> the O'Reilly book is more of a cookbook, but doesn't really explain
> what's going on.

You have a problem, and you want to solve it. I find the O'Reilly book a
good guide. I didn't claim it will give you a complete understanding of
the protocol or X.509 etc. But it will show you how to solve the problem
at hand, and give ideas of how to exploit LDAP further.

> NetBSD is almost finished integrating pluggable nsswitch modules, I doubt
> openbsd will be far behind. No offence to the openbsd crew but if you
> waited for them to support something before using it on freebsd you
> wouldn't be running much...

I think the whole idea of pam is against their fundamental philosophy, so
I wouldn't expect to see this any time soon.

>> Also, LDAP requires you to obtain Object Identifiers if you define new
>> types, I haven't heard of OID that can be used for private/experimental
>> purposes only (like the private ip address spaces).
>
> There's no need to get an OID registered (unlike IP addresses; it's not
> like it's routed) but it's free and they'll happily give you one if you
> ask.

You will need to have your directory service available for the internet
if you e.g. want to distribute certificates - the most common use I think.
And you will need OID if you want to add your own extensions to the v3
certificate.

But even if not, just to make sure that your choice of OID will not clash
with commonly distributed entries, it would be convenient to have a
private playground, where any interference is _your_ problem.

I know they will give you a branch for free if you ask, but I guess that
will change if we all request such a branch.

Anyway, the predefined schemes much saturates the need of most SOHO's.
Cheers, Erik

--
Ph: +34.666334818  web: http://www.locolomo.org
S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt
Subject ID:  A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9
Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Syncing 3 Freebsd servers' accounts Question
Hello,

I have 3 freebsd servers (4.7, 4.9, 5.3) and would like to have 1 set of
user/group accounts instead of 3. I don't know very much about NIS or
LDAP which come up when I researched the topic. So what is the easiest,
cheapest (free), and best way to accomplish this???

Thanks.

--
Jason
Re: Syncing 3 Freebsd servers' accounts Question
I think NIS is the easiest to implement, a friend of mine did it, I don't
think he's on the list. I'll ask him how when I see him.

Cheers!

On Thu, 27 Jan 2005 14:23:53 -0500 (EST), Jason Lieurance [EMAIL PROTECTED] wrote:

> Hello,
>
> I have 3 freebsd servers (4.7, 4.9, 5.3) and would like to have 1 set of
> user/group accounts instead of 3. I don't know very much about NIS or
> LDAP which come up when I researched the topic. So what is the easiest,
> cheapest (free), and best way to accomplish this???
>
> Thanks.
>
> --
> Jason

--
gabriel,
Member of: FreeBSD-Announce FreeBSD-Hardware FreeBSD-Multimedia FreeBSD-questions
Re: Syncing 3 Freebsd servers' accounts Question
Jason Lieurance wrote:

> I have 3 freebsd servers (4.7, 4.9, 5.3) and would like to have 1 set of
> user/group accounts instead of 3. I don't know very much about NIS or
> LDAP which come up when I researched the topic. So what is the easiest,
> cheapest (free), and best way to accomplish this???

Just to counter other post - this seems to be partly a matter of taste
and what you know :-) - every book I have read, and every advice I have
gotten: Don't use NIS unless you absolutely have to - and this goes in
particular for NIS+.

That said (somewhat religious, sorry :-) LDAP is a good choice for many
other reasons, the main one that the use can be extended beyond what you
are currently trying to do.

- LDAP namespace coincides with SSL certificates
- LDAP scales well
- LDAP is extensible
- LDAP is an open protocol rfc3377
- LDAP can easily be filtered by your firewall
- LDAP integrates well(?) with windows (or better than NIS)
- LDAP is more hype ...

While you might not need these things for your home network, they may
just be what gets you a job some day. Whereas

- NIS is proprietary protocol developed by Sun
- NIS is an rpc-service, impossible or at best difficult to filter
- NIS is being replaced by LDAP everywhere rfc2307 ...

OK, I admit, I have followed the advice I have gotten, and never sat down
and really tried to do something with NIS.

Cheers, Erik
Re: Syncing 3 Freebsd servers' accounts Question
I forgot: O'Reilly has a really good book on LDAP, "LDAP System
Administration" - includes a chapter on how to migrate from NIS to LDAP.

And an honest advantage of NIS: Text files only, and LDAP with pam/nss is
not supported on OpenBSD if you some day need to integrate with that OS.

Also, LDAP requires you to obtain Object Identifiers if you define new
types, I haven't heard of OID that can be used for private/experimental
purposes only (like the private ip address spaces).

Erik
Re: Syncing 3 Freebsd servers' accounts Question
On Thu, Jan 27, 2005 at 02:23:53PM -0500, Jason Lieurance wrote:

> I have 3 freebsd servers (4.7, 4.9, 5.3) and would like to have 1 set of
> user/group accounts instead of 3. I don't know very much about NIS or
> LDAP which come up when I researched the topic. So what is the easiest,
> cheapest (free), and best way to accomplish this???

NIS works well on my home network. As for easiest / best, you'll have to
evaluate your particular needs.

Some links to NIS docs:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-nis.html
yp(8)
ypserv(8)

--
Kelly D. Grills [EMAIL PROTECTED]
Re: Syncing 3 Freebsd servers' accounts Question
* Erik Norgaard [EMAIL PROTECTED] [0129 20:29]:

> I forgot: O'Reilly has a really good book on LDAP, "LDAP System
> Administration" - includes a chapter on how to migrate from NIS to LDAP.

IMO that's one of the few bad O'Reilly books - if you want a really good
ldap tutorial, get "Understanding and Deploying LDAP Directory Services".

The O'Reilly book is more of a cookbook, but doesn't really explain
what's going on.

> And an honest advantage of NIS: Text files only, and LDAP with pam/nss is
> not supported on OpenBSD if you some day need to integrate with that OS.

Yeah, but NIS is horribly insecure. I doubt Theo would embrace it with
open arms :)

NetBSD is almost finished integrating pluggable nsswitch modules, I doubt
openbsd will be far behind. No offence to the openbsd crew but if you
waited for them to support something before using it on freebsd you
wouldn't be running much...

The flat file thing is a double-edged sword; it's trivial to dump and
restore a directory (at least openldap), and doesn't have the 'issues'
I've had with, say, SQL databases, where either you get too much
(accidentally try to restore the system tables) or too little (forget the
users).

And an LDAP directory is useful for much more than just distributed
password files, and is straightforward to replicate (don't know how you'd
do that with NIS) and fast too.

> Also, LDAP requires you to obtain Object Identifiers if you define new
> types, I haven't heard of OID that can be used for private/experimental
> purposes only (like the private ip address spaces).

There's no need to get an OID registered (unlike IP addresses; it's not
like it's routed) but it's free and they'll happily give you one if you
ask.

--
'What have you done to the cat? It looks half-dead.'
        -- Schroedinger's wife
Rasputin :: Jack of All Trades - Master of Nuns