On Tue, Jun 04, Rodney Baker wrote:
On Monday, 3 June 2019 21:20:55 ACST Thorsten Kukuk
/etc/group and /etc/shadow:
This is the big, open problem. We looked at many possible solutions,
but didn't found the real, generic one.
Or perhaps it is time to consider a roadmap to deprecating these altogether
and moving to an LDAP-based solution? Or is that a bridge too far?
There is one important thing to remember: this has to work even if the
rest of the system fails (so rescue system, initrd rescue shell, ...).
Most of the time in this scenarios, LDAP will not work, too.
And having a local LDAP daemon for system accounts running on every
system and a second one for the normal users somewhere else in the
network: will this really simplify the setup and make it more robust?
Somebody had the idea if it wouldn't be possible to write a sssd plugin
to merge this files, no idea if this is feasible.
There were also ideas to throw away /etc/passwd, /etc/group, ... and
invent something completly new. If somebody has ideas for this and time,
fine. But we should make that independent of this discussion, to not make
it too complex and block ourself.
Thorsten Kukuk, Distinguished Engineer, Senior Architect SLES & MicroOS
SUSE Linux GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany
GF: Felix Imendoerffer, Mary Higgins, Sri Rasiah, HRB 21284 (AG Nuernberg)
To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org