On Tue, Jun 04, Rodney Baker wrote:
On Monday, 3 June 2019 21:20:55 ACST Thorsten Kukuk wrote:
/etc/passwd, /etc/group and /etc/shadow: This is the big, open problem. We looked at many possible solutions, but didn't found the real, generic one.
Or perhaps it is time to consider a roadmap to deprecating these altogether and moving to an LDAP-based solution? Or is that a bridge too far?
There is one important thing to remember: this has to work even if the rest of the system fails (so rescue system, initrd rescue shell, ...). Most of the time in this scenarios, LDAP will not work, too. And having a local LDAP daemon for system accounts running on every system and a second one for the normal users somewhere else in the network: will this really simplify the setup and make it more robust? Somebody had the idea if it wouldn't be possible to write a sssd plugin to merge this files, no idea if this is feasible. There were also ideas to throw away /etc/passwd, /etc/group, ... and invent something completly new. If somebody has ideas for this and time, fine. But we should make that independent of this discussion, to not make it too complex and block ourself. Thorsten -- Thorsten Kukuk, Distinguished Engineer, Senior Architect SLES & MicroOS SUSE Linux GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany GF: Felix Imendoerffer, Mary Higgins, Sri Rasiah, HRB 21284 (AG Nuernberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org