From: Julien Cigar
To: Victor Sudakov
Cc: freebsd-questions@freebsd.org
Date: Fri, 13 Mar 2020 13:52:30 +0100
Subject: Re: Centralized user/group/whatever management
Message-ID: <20200313125230.GB2004@x1>
In-Reply-To: <20200313091923.GA98495@admin.sibptus.ru>

On Fri, Mar 13, 2020 at 04:19:23PM +0700, Victor Sudakov wrote:
> Dear Colleagues,
>
> Do you think there exists a modern solution for centralized user/group/...
> management compatible with FreeBSD and Linux?

OpenLDAP..? (and if someone has a good GUI/CLI for it .. let me know)

>
> I have experience using NIS on FreeBSD for many years, but NIS is really very
> dated, not very secure, depends on the NIS servers being reachable all the
> time, depends on Sun RPC (portmapper, dynamic ports) and has other
> drawbacks. I know this from experience.
>
> Are there any modern solutions for FreeBSD hosts to have at least a common
> user/userid/group/groupid database, or maybe even more centralized goodies?
>
> I've been told that Linux has FreeIPA, but I think it's not fully
> compatible with FreeBSD, and besides security/sssd wants so many
> dependencies (even MIT Kerberos as if FreeBSD's built-in Kerberos is not
> good enough).
>
> Any success stories?
>
>
> --
> Victor Sudakov, VAS4-RIPE, VAS47-RIPN
> 2:5005/49@fidonet http://vas.tomsk.ru/

--
Julien Cigar
Belgian Biodiversity Platform (http://www.biodiversity.be)
PGP fingerprint: EEF9 F697 4B68 D275 7B11 6A25 B2BB 3710 A204 23C0
No trees were killed in the creation of this message.
However, many electrons were terribly inconvenienced.