Zack Gilburd wrote:

> I /tried/ using LDAP as my authentication for pam a while back, in hopes of
> having a nice, network-wide, roaming profile. However, such hopes were
> quickly shattered once I got authentication going even locally. My login
> attempts would take /quite/ a while and it was very inefficient.

Certainly, setup (in its current incarnation) is flawed, at a minimum. I
think it could work if it were "distro sanctioned" and therefore had
full support. A good example of directory services working from the
get-go is Mac OS X. I know a lot of Linux users disapprove of MOSX. I
don't bring it up to start that debate but to illustrate a working
example. MOSX ships with NetInfo (enabled) and all auth, groups, hosts,
and other related items are using the directory by default. This makes
managing a network of MOSX boxes much like a visit to the candy shop -
while sticky, still very sweet.

> I would
> rather see a MySQL database.

The problem with this approach is that mysql is a bit (ok, a lot)
heavier than openldap (or ldap in general). The other reason is because
there are major differences between databases to such a degree that it
matters much more than, say, replacing openldap with another
implementation. Without getting into the debate of mysql vs. postgres,
there are major differences between the two and if something system
level (i.e. portage) were to use mysql, it would be pretty difficult
(due to the differences in things like datatypes and the like) to move
it over to postgresql or sapdb. All of that said, ldap was (or has
evolved to be) designed for holding this type of information and is a
bit more standardized in terms of types and schema. Also, as I said in
my first email, it also provides for the replication, referrals,
addressbook services, and other fantastic features. Say it quietly to
yourself - "no more 'emerge sync'... simple propagation... platform
agnostic standards..." - it sounds pretty good. ;)

> Granted I am incorrect about my assertions above, I would like to see this
> *work* in a real-world situation before I say, "Yea, sure, let's give LDAP a
> try..."

Absolutely. This is an architectural change and would require simple
tools to convert between flat files and the directory service
equivalents and other "goodies" for less caring / experienced /
concerned users. Like everything else in Gentoo already is, it would
have to be simple, powerful, extensible, and sexy as hell... (like the
init scripts, portage, gentoolkit, mirrorselect, ufed, net-setup,
env-update, modules-update, and all those other tools that make me all
full of smiles)

Sorry... the whole idea of working, integrated, supported directory
services makes me froth at the mouth...

;)

--
Eric Sammer
eric@××××××××××××.com
http://www.ineoconcepts.com


--
gentoo-dev@g.o mailing list