LinuxQuestions.org

slackware 15 and pam (https://www.linuxquestions.org/questions/slackware-14/slackware-15-and-pam-4175483168/)

kikinovak 07-27-2014 02:14 AM

Quote:

Originally Posted by Ser Olmy (Post 5209961)
Centralized account management is a must in any enterprise environment. Slackware does not currently offer this (but it's fairly easy to add).

I wouldn't exactly call this "fairly easy". With Slackware, I've been using a NIS/NFS combination for the job, and I had to rely on the Debian documentation before writing my own (which I published on docs.slackware.com, search "roaming profiles"). I tried LDAP/NFS, and after an extended period where I thought my head was going to explode, I simply gave up.

Ser Olmy 07-27-2014 06:03 AM

Quote:

Originally Posted by kikinovak (Post 5210196)
I wouldn't exactly call this "fairly easy". With Slackware, I've been using a NIS/NFS combination for the job, and I had to rely on the Debian documentation before writing my own (which I published on docs.slackware.com, search "roaming profiles"). I tried LDAP/NFS, and after an extended period where I thought my head was going to explode, I simply gave up.

What I meant to say, is that adding PAM is fairly easy.

I'd say you're quite right about Slackware and NIS. I learned a lot about that from a previous thread in which we both participated, and recently I discovered that some rights/account management commands simply do not work on NIS-enabled Slackware. I haven't reported this as a bug (yet), and the fact that no-one else seems to have noticed speaks volumes about the current position of Slackware in the enterprise.

ReaperX7 07-27-2014 03:44 PM

Yes, but Slackware isn't a distribution geared at any specific usage or platform. Slackware is what you the system administrator make it out to be. Slackware gives you all the tools to give you a generalized foundation to build a system specific and customized for your usage needs. It offers nothing more or less, however you the administrator and deployer of said system are expected to know everything else you need to know to tune Slackware to fit your specific needs.

If you aren't capable of this, then you aren't ready enough to use Slackware for that purpose. As blunt as that sounds, it's the truth.

kikinovak 07-27-2014 05:04 PM

Quote:

Originally Posted by ReaperX7 (Post 5210418)
Yes, but Slackware isn't a distribution geared at any specific usage or platform. Slackware is what you the system administrator make it out to be. Slackware gives you all the tools to give you a generalized foundation to build a system specific and customized for your usage needs. It offers nothing more or less, however you the administrator and deployer of said system are expected to know everything else you need to know to tune Slackware to fit your specific needs.

If you aren't capable of this, then you aren't ready enough to use Slackware for that purpose. As blunt as that sounds, it's the truth.

I'll take you at your word, then. Here's a specific task for you, Reaper X7.

1. Set up centralized authentication using LDAP and NFS on a Slackware server and Slackware clients.

2. Write a detailed step-by-step documentation about the process.

3. Publish it on http://docs.slackware.com.

4. Eventually, maintain all the core packages that have to be rebuilt in the process.

Thanks in advance,

Niki

T3slider 07-27-2014 05:30 PM

Quote:

Originally Posted by ReaperX7 (Post 5210418)
If you aren't capable of this, then you aren't ready enough to use Slackware for that purpose. As blunt as that sounds, it's the truth.

Maybe Pat should stop shipping any libc -- there are multiple options now and Slackware shouldn't decide which one to force upon you. If you aren't capable of compiling your own c library and correspondingly recompiling everything against it, then you aren't ready enough to use Slackware for that purpose. As blunt as that sounds, it's the truth.

(Ridiculous, isn't it?)

I am neither pro- nor anti-PAM inclusion but I fail to see how its inclusion somehow forces a specific usage. If anything, PAM's current exclusion forces less flexible authentication options onto all Slackware users. It would be easier to make a PAM-enabled installation act like existing Slackware than for every user to add PAM to their installations.

Arkerless 07-27-2014 08:14 PM

Quote:

Originally Posted by T3slider (Post 5210444)
I am neither pro- nor anti-PAM inclusion but I fail to see how its inclusion somehow forces a specific usage. If anything, PAM's current exclusion forces less flexible authentication options onto all Slackware users. It would be easier to make a PAM-enabled installation act like existing Slackware than for every user to add PAM to their installations.

It would be, except that nowhere near all users need PAM. I'd be willing to bet the percentage is pretty small, in fact. Granted it might grow larger if it were easier to do. But on the other side, if it were not more difficult than it should be to do properly, we'd probably already have third party drop-in packages ready for anyone that needs it too.

For now I trust Mr Volkerding's judgement. He excluded it for good reason, and if he takes another look at it I would be very interested in his results. But I don't have any need for it myself, so naturally I am more worried about any possible ill effects than in yet more features I don't need and will never intentionally use.

Richard Cranium 07-27-2014 08:29 PM

Quote:

Originally Posted by kikinovak (Post 5210434)
I'll take you at your word, then. Here's a specific task for you, Reaper X7.

1. Set up centralized authentication using LDAP and NFS on a Slackware server and Slackware clients.

2. Write a detailed step-by-step documentation about the process.

3. Publish it on http://docs.slackware.com.

4. Eventually, maintain all the core packages that have to be rebuilt in the process.

Thanks in advance,

Niki

I'll nibble versus bite.

I've just downloaded and compiled libnss_ldap. I don't know what I would have to set up to test it. If you give me an idea of how to do that, I'll see if libnss_ldap works without PAM.

Richard Cranium 07-27-2014 10:59 PM

Quote:

Originally Posted by Richard Cranium (Post 5210503)
I'll nibble versus bite.

I've just downloaded and compiled libnss_ldap. I don't know what I would have to set up to test it. If you give me an idea of how to do that, I'll see if libnss_ldap works without PAM.

Actually, now that I've looked, there's a perfectly good SlackBuild at SlackBuilds for libnss_ldap.

Why doesn't *that* work?

kikinovak 07-28-2014 03:50 AM

Quote:

Originally Posted by Richard Cranium (Post 5210555)
Actually, now that I've looked, there's a perfectly good SlackBuild at SlackBuilds for libnss_ldap.

Why doesn't *that* work?

Yes, I know. And there's also this:

http://slackbuilds.org/repository/14...nss-pam-ldapd/

The only problem here is that there's no usable documentation on how to use that stuff. Only sparse/incomplete/wrong bits of information scattered around the Internet.

Here's an example of what I would call "usable documentation":

https://help.ubuntu.com/14.04/server...ap-server.html

Alien Bob 07-28-2014 06:37 AM

Quote:

Originally Posted by ReaperX7 (Post 5210418)
Yes, but Slackware isn't a distribution geared at any specific usage or platform. Slackware is what you the system administrator make it out to be. Slackware gives you all the tools to give you a generalized foundation to build a system specific and customized for your usage needs. It offers nothing more or less, however you the administrator and deployer of said system are expected to know everything else you need to know to tune Slackware to fit your specific needs.

If you aren't capable of this, then you aren't ready enough to use Slackware for that purpose. As blunt as that sounds, it's the truth.

With this remark, towards two seasoned Slackware users, you have disqualified yourself. There is a difference between having the tools and building blocks available, and accumulating the knowledge to create a new solution from these building blocks.

Please go back to your LFS distro (which has literally written down every step you need to take to create a LFS computer from scratch, so that the amount of thinking can be kept to a minimum) and leave Slackware to us.
Or else, prove that you know what we are talking about and write a comprehensive article on docs.slackware.com explaining how to set up a centralized authentication setup for Slackware using NIS/LDAP/NFS.

Eric

NoStressHQ 07-28-2014 11:40 AM

Unforgivable...
 
Quote:

Originally Posted by ReaperX7 (Post 5210418)
Yes, but Slackware isn't a distribution geared at any specific usage or platform. Slackware is what you the system administrator make it out to be. Slackware gives you all the tools to give you a generalized foundation to build a system specific and customized for your usage needs. It offers nothing more or less, however you the administrator and deployer of said system are expected to know everything else you need to know to tune Slackware to fit your specific needs.

If you aren't capable of this, then you aren't ready enough to use Slackware for that purpose. As blunt as that sounds, it's the truth.

Yeah... Sometimes you "sound" like The Kid in Eastwood's Unforgiven... You installed a bunch of packages using command line and you think you're a "real hacker"...

In real life some tasks are less "romantic" than they seem to be as a hobbyist.

https://www.youtube.com/watch?v=7lYVggyHRkY

genss 07-28-2014 03:14 PM

wow

anyway
if my opinion matters, that it probably does not, PAM should not be added to slackware
it looks like a framework made 'cuz companies could not agree on one standard (or two, one for files)

ReaperX7 07-28-2014 05:31 PM

Quote:

Originally Posted by Alien Bob (Post 5210711)
With this remark, towards two seasoned Slackware users, you have disqualified yourself. There is a difference between having the tools and building blocks available, and accumulating the knowledge to create a new solution from these building blocks.

Please go back to your LFS distro (which has literally written down every step you need to take to create a LFS computer from scratch, so that the amount of thinking can be kept to a minimum) and leave Slackware to us.
Or else, prove that you know what we are talking about and write a comprehensive article on docs.slackware.com explaining how to set up a centralized authentication setup for Slackware using NIS/LDAP/NFS.

Eric

Sorry but to properly respond as I know best Eric, I'll respond to say this to your remarks...

Naw... I don't use those so I don't feel the need to, nor do I need to. You and kikinovak are both mature enough, at least I hope, so you or both of you can do it rather than point fingers at me crying foul. Otherwise, I'm done on this subject, so piss and moan about your ineptness without me.

Didier Spaier 07-28-2014 05:54 PM

Quote:

Originally Posted by ReaperX7 (Post 5211000)
I'm done on this subject

Better late than never.

Slax-Dude 07-29-2014 03:19 AM

Quote:

Originally Posted by genss (Post 5210918)
if my opinion matters, that it probably does not, PAM should not be added to slackware
it looks like a framework made 'cuz companies could not agree on one standard (or two, one for files)

That is the point of PAM: to make authentication modular, so you don't have to use just one standard.
This way, you can use ldap, kerberos, etc...
You can even use the good old reliable linux flat files (shadow, passwd, group).

Just imagine having 50 computers.
Now imagine that every user should be able to work on any one of them.
To do this, you can:
a) replicate passwd, shadow, group to every one of those computers... every time a user is created or changes their password...
b) have some sort of central authentication scheme that the 50 computers use.

If you are a sysadmin that has to deal with that, you will probably choose b)
Now imagine 500 or 5000 computers... b) will look even more attractive :)

Ser Olmy explained it best in this post: http://www.linuxquestions.org/questi...ml#post5209961


All times are GMT -5.