Re: Bottomline - Going LDAP.

[Jim Wise <jwise%draga.com@localhost>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 22 May 2008, Anders Magnusson wrote:

>>> - ypserv can exit base system if there is a compatibility replacement
>>> for it.
>>>     
>>
>> If we have syspkgs working. :-) 
>> Otherwise my inclination would be no.  NIS still has its place.
>> LDAP/NIS shims do have issues.  LDAP is much heavier than NIS,
>> right?  Also there is the issue ypserv bit rotting.
>>
>> Or are you saying your new LADP solution would talk NIS?
>>   
>Yes.  That was in the original proposal.  Default small domain system should
>be LDAP+Kerberos, and ypserv compatibility added for those that needs it.
>And to avoid the large overhead of an OpenLDAP server I suggested the use
>of a small simple ldap server that do not need all administrative skills
>to be
>setup and run.

NIS should not go away.  I know of plenty of shops still using NIS, and 
other commercial and free OSes support it out of the box.

I'm generally pro-ldap+kerberos, but NIS is not leaving the world of 
potential NetBSD users anytime soon -- this is not a question like 
sendmail vs. postfix where removing one option still leaves 
interoperability easy.

As long as the base system supports NIS as an option in nss -- with no 
additional installs, I would _love_ to see the capability you discuss in 
the RFC available in the base system.  Whether it should be the default 
post-sysinst configuration is something others can comment on.

After all, nss makes these things easy to supply without messing with 
the defaults, right?

- --
                                Jim Wise
                                jwise%draga.com@localhost
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (NetBSD)

iD8DBQFINisjq/KRbT0KwbwRAkClAJ9tOpvmQZW35QtrPtAj06JKfd5a4wCdHU2q
vEqRNoQKqvyp/x/QW48C/Kg=
=v6AT
-----END PGP SIGNATURE-----