Discussion:
[ale] You guys have been too quiet lately...
Jerald Sheets via Ale
2017-12-13 15:57:15 UTC
https://linux.slashdot.org/story/17/12/11/0049245/does-systemd-makes-linux-complex-error-prone-and-unstable?utm_source=rss1.0mainlinkanon&utm_medium=feed



—Jerald
Lightner, Jeffrey via Ale
2017-12-13 16:18:46 UTC
So how ‘bout dem Falcons?

James Sumners via Ale
2017-12-13 17:31:46 UTC
The answer is yes:

[root] ~/ # journalctl -u rsyslog
-- Logs begin at Fri 2017-12-01 14:26:49 EST, end at Wed 2017-12-13
12:30:56 EST. --
Dec 13 12:30:41 proddns1.int.clayton.edu systemd[1]: Dependency failed for
System Logging Service.
Dec 13 12:30:41 proddns1.int.clayton.edu systemd[1]: Job
rsyslog.service/start failed with result 'dependency'.

On Wed, Dec 13, 2017 at 10:57 AM, Jerald Sheets via Ale <***@ale.org> wrote:

> https://linux.slashdot.org/story/17/12/11/0049245/does-
> systemd-makes-linux-complex-error-prone-and-unstable?utm_
> source=rss1.0mainlinkanon&utm_medium=feed
>
>
>
> —Jerald
>
> _______________________________________________
> Ale mailing list
> ***@ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>


--
James Sumners
http://james.sumners.info/ (technical profile)
http://jrfom.com/ (personal site)
http://haplo.bandcamp.com/ (music)
DJ-Pfulio via Ale
2017-12-13 17:50:45 UTC
How do you deal with SSO at home?

In the 1990s, NIS was the answer. Security needs changed that.

So, how do you do it?
Derek Atkins via Ale
2017-12-13 18:31:28 UTC
I run a Kerberos server for authentication purposes, but it only gives me
SSO to some of my services, not all of them. I don't have an actual
answer for a distributed passwd file. I never set up a home Hesiod
domain. NIS or LDAP would work, but LDAP is so heavy-handed I'd prefer
NIS. But I don't have enough systems to worry about, so it's never been a
major issue.

-derek

On Wed, December 13, 2017 12:50 pm, DJ-Pfulio via Ale wrote:
> How do you deal with SSO at home?
>
> In the 1990s, NIS was the answer. Security needs changed that.
>
> So, how do you do it?


--
Derek Atkins 617-623-3745
***@ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant

Chuck Payne via Ale
2017-12-13 19:10:43 UTC
On Wed, Dec 13, 2017 at 1:31 PM, Derek Atkins via Ale <***@ale.org> wrote:

> I run a Kerberos server for authentication purposes, but it only gives me
> SSO to some of my services, not all of them. I don't have an actual
> answer for a distributed passwd file. I never set up a home Hesiod
> domain. NIS or LDAP would work, but LDAP so so heavy-handed I'd prefer
> NIS. But I don't have enough systems to worry about, so it's never been a
> major issue.
>
> -derek
>
> On Wed, December 13, 2017 12:50 pm, DJ-Pfulio via Ale wrote:
> > How do you deal with SSO at home?
> >
> > In the 1990s, NIS was the answer. Security needs changed that.
> >
> > So, how do you do it?


JD, I know it's not best, but I use NIS. Simple and easy. I'd love to have the
time to set up LDAP at my house, but work and family eat into that.

--
Terror PUP a.k.a
Chuck "PUP" Payne
-----------------------------------------
Discover it! Enjoy it! Share it! openSUSE Linux.
-----------------------------------------
openSUSE -- Terrorpup
openSUSE Ambassador/openSUSE Member
skype,twiiter,identica,friendfeed -- terrorpup
freenode(irc) --terrorpup/lupinstein
Register Linux Userid: 155363

Have you tried SUSE Studio? Need to create a Live CD, an app you want to
package and distribute , or create your own linux distro. Give SUSE Studio
a try.
Solomon Peachy via Ale
2017-12-13 19:10:51 UTC
On Wed, Dec 13, 2017 at 12:50:45PM -0500, DJ-Pfulio via Ale wrote:
> How do you deal with SSO at home?
> In the 1990s, NIS was the answer. Security needs changed that.
> So, how do you do it?

It depends greatly on what services you're trying to unify, how
they're accessed, and how many distinct servers are in play. Do you
want this to also cover shared filesystems too?

It also depends on if you're seeking to "authenticate once" or just
share an authentication backend so all logins use the same credentials.

The latter is fairly easy -- My stuff generally authenticates against
the system PAM backend, or IMAP if it's some sort of web thingey.

Some time ago I played around with an LDAP backend for everything (using
389 directory server) but it was a serious amount of administration
overhead and yielded no benefits.

I'd been meaning to set up an OpenID provider, but haven't found one
that plays well with an existing authentication backend.

- Solomon
--
Solomon Peachy pizza at shaftnet dot org
Coconut Creek, FL ^^ (email/xmpp) ^^
Quidquid latine dictum sit, altum videtur.
Lightner, Jeffrey via Ale
2017-12-13 19:14:49 UTC
I thought NIS+ solved the issues of original NIS. I've never used NIS+ so wouldn't swear to it.

For personal stuff I'm paranoid enough to use different passwords for everything. If internet sites offer it I even use separate user names.

Minor rant:
In the old days you had to guess both username and password to login to a server. Nowadays most of the internet uses email address as username which means they've given 50% of the answer to most hackers.



Alex Carver via Ale
2017-12-13 19:51:44 UTC
On 2017-12-13 11:14, Lightner, Jeffrey via Ale wrote:
> I thought NIS+ solved the issues of original NIS. I've never used NIS+ so wouldn't swear to it.
>
> For personal stuff I'm paranoid enough to use different passwords for everything. If internet sites offer it I even use separate user names.
>
> Minor rant:
> In the old days you had to guess both username and password to login to a server. Nowadays most of the internet uses email address as username which means they've given 50% of the answer to most hackers.

Not necessarily. You still get to decide which email address to use so
every site could use a different one. Many of my logins on websites
have the same domain name but the username in front of @ is unique to
the site so it's a little harder.
DJ-Pfulio via Ale
2017-12-13 20:21:19 UTC
On 12/13/2017 02:14 PM, Lightner, Jeffrey wrote:
> I thought NIS+ solved the issues of original NIS. I've never used NIS+ so wouldn't swear to it.

NIS+ clients are free. NIS+ server is Solaris only. That's a deal
breaker for me. Need a Linux-based solution, prefer Ubuntu Server or
Debian. RHEL/CentOS is a big as for 1 part of an existing infrastructure.

I need a mix of POSIX and web authentication. Shared storage is
server-to-server, not user-to-server, so I don't need that.

I've used LDAP previously, using Zimbra (with openldap) as the source DB
for everything. Zimbra updates over the years broke that integration
and I'm unwilling to deal with those hassles anymore.

Rant reply - people with just a few email addresses don't have much hope
for security. Certainly you should never use the same email for your
bank and **any** other accounts. Same for Amazon. Same for your broker.
Same for your 401(k) provider. So that means most professional people
here need at least 6 email addresses if you add in a social account and
work.

I liked how NIS worked, but I just can't take those security risks
today. It is a different world.
Lightner, Jeffrey via Ale
2017-12-13 20:46:24 UTC
I wasn't aware of the lack of a Linux server for NIS+. As noted I've not used NIS+ and it has been years since I used NIS. Apparently even the client support development was stopped in 2012:
http://www.linux-nis.org/nisplus/


Jim Kinney via Ale
2017-12-13 21:34:50 UTC
Take a look at FreeIPA. It uses LDAP for storage and Kerberos for
authentication. The sss daemon handles comms with the server. The
server can be replicated rather easily.

There's a web gui for running it as well as a very potent cli backend
for scripting needs. It can be as simple as just making sure the same
password is on all systems or as complicated as Fred can only access the
storage machine at 2pm on Tuesdays. By "joining" a machine to the
service it now runs local auth then sss auth for users and anything
else you choose. I have some sudo processes handled by it (Fred can use
a certain sudo operation on a certain machine and a different operation
on a different machine and it's all handled through the replicated
service). When users push their ssh pub key to their data page, it can
be used to authenticate to any machine in the network (there's a
patched sshd that uses an LDAP lookup for the authorized_keys).

I ran a primary server off a VM and a backup server off an old desktop
for about 100+ users. Client support is solid for Debian and Ubuntu
(the sshd patch I don't know about outside of rpm-world) as well as
CentOS and Fedora of course. The server install is easy on CentOS
(RedHat calls it IDM server). I've not looked to see if Debian server
code is just a tarball or a real package set.

--
James P. Kinney III

Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.
- Speech 11/23/1900 Mark Twain

http://heretothereideas.blogspot.com/
DJ-Pfulio via Ale
2017-12-13 21:53:17 UTC
Last time I looked into FreeIPA, the code port to debian had stalled.
Seems that a few of the 500 different projects, all using different
programming languages, had failed to port to Debian.

Ok, I jest, but FreeIPA is one of those typical "enterprisy" solutions
from RH that was built using 70 other projects, each with a different
idea of what is best.

Introducing Cent here is not gonna happen, but thanks. I'd rather roll
my own LDAP GUI. I don't remember any issues using ssh with LDAP auth
on Ubuntu. It has been a few years, but it "just worked" by setting up
PAM correctly.



Jim Kinney via Ale
2017-12-13 22:16:43 UTC
On Wed, 2017-12-13 at 16:53 -0500, DJ-Pfulio via Ale wrote:
> Last time I looked into FreeIPA, the code port to debian had stalled.
> Seems that a few of the 500 different projects, all using different
> programming languages, had failed to port to Debian.

Releases/4.5.2

Released 2017-06-18

Highlights in 4.5.2
* 5860: deprecate --no-sssd option

Option '--no-sssd' has been deprecated because SSSD is recommended to
use on modern platforms - Fedora, RHEL 6, RHEL 7, Debian. <-- Still in
the mix :-)

I _don't_ see precompiled binaries so non-rpm is a second-class release
issue.

> Ok, I jest, but FreeIPA is one of those typical "enterprisy"
> solutions
> from RH that was built using 70 other projects, each with a different
> idea of what is best.

Oh yeah :-) It glued some jboss web stuff onto pile of backend things;
389DS, bind (yeah, uses bind for DNS), Kerberos, ssh, openssl
certificate management tool dogtag.
> Introducing Cent here is not gonna happen, but thanks. I'd rather
> roll
> my own LDAP GUI. I don't remember any issues using ssh with LDAP
> auth
> on Ubuntu. It has been a few years, but it "just worked" by setting
> up
> PAM correctly.

ssh works fine with LDAP backend for passwords with typical PAM setup.
The ssh change in CentOS added an LDAP lookup for ssh pub_key. That's a
special patch from a while back. Not sure if it's in openssh outside of
the RPM world.

Check out apache directory server: http://directory.apache.org/apacheds/downloads.html

Of course being an apache project, it's written in java
--
James P. Kinney III

Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.
- Speech 11/23/1900 Mark Twain

http://heretothereideas.blogspot.com/
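
The LDAP-backed lookup of ssh public keys discussed in the message above can be wired into sshd through the `AuthorizedKeysCommand` option, with SSSD's `sss_ssh_authorizedkeys` as the helper. The following is an added example, not code from the thread or from the FreeIPA project: a small audit of an sshd_config for that setup. The sample configs, the function names and the finding names are constructed for illustration.

```python
"""Audit how an sshd_config fetches public keys from a directory service.

Added illustration; all sample configs below are constructed.
"""
import re

# "Keyword value" or "Keyword=value"; sshd keywords are case-insensitive.
_OPTION = re.compile(r"(\w+)(?:\s*=\s*|\s+)(.*)")


def parse_global_options(config_text):
    """Return {keyword_lower: value} for the global part of an sshd_config.

    sshd keeps the first value it reads for each keyword, so later
    duplicates are ignored. Parsing stops at the first Match block,
    because options there only apply conditionally.
    """
    options = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = _OPTION.match(line)
        if not match:
            continue
        keyword, value = match.group(1).lower(), match.group(2).strip().strip('"')
        if keyword == "match":
            break
        if value:
            options.setdefault(keyword, value)
    return options


def audit_keys_command(config_text):
    """Return a list of finding names for the key-lookup configuration."""
    opts = parse_global_options(config_text)
    command = opts.get("authorizedkeyscommand", "none")
    user = opts.get("authorizedkeyscommanduser")

    # Without a command, keys come only from local authorized_keys files,
    # so a key removed from the directory stays valid on every host.
    if command.lower() == "none":
        return ["no-directory-lookup"]

    findings = []
    # sshd requires the helper to be given by absolute path.
    if not command.split()[0].startswith("/"):
        findings.append("command-not-absolute")
    # sshd refuses to start if the command is set but the user is not.
    if user is None:
        findings.append("missing-command-user")
    # The helper parses data from the network; run it unprivileged.
    elif user == "root":
        findings.append("command-runs-as-root")
    return findings


# Constructed sample: helper run through SSSD as an unprivileged user.
GOOD_CONFIG = """
PubkeyAuthentication yes
AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
AuthorizedKeysCommandUser nobody
"""

# Constructed sample: relative path, and the first (effective) user is root.
WEAK_CONFIG = """
AuthorizedKeysCommand sss_ssh_authorizedkeys
authorizedkeyscommanduser root
AuthorizedKeysCommandUser nobody
"""

# Constructed sample: the lookup is only enabled inside a Match block.
MATCH_ONLY_CONFIG = """
PasswordAuthentication yes
Match Group admins
    AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
    AuthorizedKeysCommandUser nobody
"""

if __name__ == "__main__":
    for name, text in [("good", GOOD_CONFIG), ("weak", WEAK_CONFIG),
                       ("match-only", MATCH_ONLY_CONFIG)]:
        print(name, audit_keys_command(text) or "ok")
```

The check covers only the configuration text; the ownership and permissions of the helper binary itself still need to be verified on the host.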
Jim Kinney via Ale
2017-12-13 20:03:46 UTC
I don't use sso at home.
FreeIPA at work

On December 13, 2017 12:50:45 PM EST, DJ-Pfulio via Ale <***@ale.org> wrote:
>How do you deal with SSO at home?
>
>In the 1990s, NIS was the answer. Security needs changed that.
>
>So, how do you do it?

--
Sent from my Android device with K-9 Mail. All tyopes are thumb related and reflect authenticity.
lnxgnome via Ale
2017-12-13 23:37:11 UTC
FreeIPA (on CentOS) at home.  Did look at 389DS by itself (which is part
of FreeIPA), but FreeIPA seemed more complete so I went with that.


On 20171213 3:03 PM, Jim Kinney via Ale wrote:
> I don't use sso at home.
> FreeIPA at work
Jim Kinney via Ale
2017-12-14 00:46:45 UTC
I was gonna offer a link to a docker image with freeipa but my googling
got me sidetracked:
https://www.beeradvocate.com/beer/profile/16993/156711/
Docker IPA
yep. I'm done. gonna go get a beer now and think of ale. :-)
--
James P. Kinney III

Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.
- Speech 11/23/1900 Mark Twain

http://heretothereideas.blogspot.com/
Matty via Ale
2017-12-14 10:09:50 UTC
On Wed, Dec 13, 2017 at 12:50 PM, DJ-Pfulio via Ale <***@ale.org> wrote:
> How do you deal with SSO at home?
>
> In the 1990s, NIS was the answer. Security needs changed that.
>
> So, how do you do it?

I use FreeIPA:

https://www.freeipa.org/page/About

It's easy to set up and allows you to authenticate all kinds of
devices (some take a bit more work than others). The back-end uses
Kerberos and LDAP.

- Ryan
http://prefetch.net
Ben Coleman via Ale
2017-12-13 23:08:46 UTC
On 12/13/2017 10:57 AM, Jerald Sheets via Ale wrote:
> https://linux.slashdot.org/story/17/12/11/0049245/does-systemd-makes-linux-complex-error-prone-and-unstable?utm_source=rss1.0mainlinkanon&utm_medium=feed

I guess systemd is the vi vs emacs of the current generation?

Ben
--
Ben Coleman ***@benshome.net | For the wise man, doing right trumps
http://oloryn.benshome.net/ | looking right. For the fool, looking
Amateur Radio NJ8J | right trumps doing right.
DJ-Pfulio via Ale
2017-12-13 23:25:17 UTC
On 12/13/2017 06:08 PM, Ben Coleman via Ale wrote:
> On 12/13/2017 10:57 AM, Jerald Sheets via Ale wrote:
>> https://linux.slashdot.org/story/17/12/11/0049245/does-systemd-makes-linux-complex-error-prone-and-unstable?utm_source=rss1.0mainlinkanon&utm_medium=feed
>
> I guess systemd is the vi vs emacs of the current generation?

No. vi won. Systemd sucks.
Ben Coleman via Ale
2017-12-13 23:34:40 UTC
On 12/13/2017 06:25 PM, DJ-Pfulio via Ale wrote:
>> I guess systemd is the vi vs emacs of the current generation?
>
> No. vi won. Systemd sucks.

I'm thinking mostly terms of rwar-generating ability. Your response
appears to validate my statement.

Ben
--
Ben Coleman ***@benshome.net | For the wise man, doing right trumps
http://oloryn.benshome.net/ | looking right. For the fool, looking
Amateur Radio NJ8J | right trumps doing right.
Putnam, James M. via Ale
2017-12-14 00:54:08 UTC
Permalink
[t]csh vs. sh
vi vs. emacs
BSD vs. SysV (see Solaris vs. SunOS)
rcs vs. sccs
Digital vs. Data General
MySQL vs. Postgres
LMI vs. Symbolics
Solaris vs. SunOS (see BSD vs. SysV)
big endian vs. little endian
x86 vs. 68k
RISC vs. CISC
gcc vs. clang
Daemon vs. Penguin
Apple vs. IBM
Sun/AT&T vs. OSF
Java vs. C++
NVIDIA vs. 3DFX
Intel vs. AMD
Alpha vs. Sparc
OpenGL vs. DirectX

covers 90% or more of the fights I cared anything
about, but I never was much of a fanboy. Fortunately,
the heat and light generated by most of the above has
mercifully died out along with many of the associated
entities.

I fought in the SunOS vs. Solaris wars, I still have the
scars.

--
James M. Putnam
Visiting Professor of Computer Science

The air was soft, the stars so fine,
the promise of every cobbled alley so great,
that I thought I was in a dream.
________________________________________
From: Ale [ale-***@ale.org] on behalf of Ben Coleman via Ale [***@ale.org]
Sent: Wednesday, December 13, 2017 6:34 PM
To: DJ-Pfulio via Ale
Subject: Re: [ale] You guys have been too quiet lately...

On 12/13/2017 06:25 PM, DJ-Pfulio via Ale wrote:
>> I guess systemd is the vi vs emacs of the current generation?
>
> No. vi won. Systemd sucks.

I'm thinking mostly in terms of rwar-generating ability. Your response
appears to validate my statement.

Ben
--
Ben Coleman ***@benshome.net | For the wise man, doing right trumps
http://oloryn.benshome.net/ | looking right. For the fool, looking
Amateur Radio NJ8J | right trumps doing right.

Jerald Sheets via Ale
2017-12-15 16:19:29 UTC
Permalink
Well this was disappointing. I was hoping for a holiday free-for-all!

Happy holidays, everyone!


—jms
Lightner, Jeffrey via Ale
2017-12-15 19:03:14 UTC
Permalink
Maybe we should have a team building exercise where a systemd proponent falls backward and sees how many anti-systemd folks try to catch him and vice-versa. I'm thinking the init folks even if they wanted to catch wouldn't be able to organize quickly enough because of the linear nature of starting. On the other hand the systemd folks might all decide they're not required for the start of the others :p

-----Original Message-----
From: Ale [mailto:ale-***@ale.org] On Behalf Of Jerald Sheets via Ale
Sent: Friday, December 15, 2017 11:19 AM
To: Putnam, James M.; Atlanta Linux Enthusiasts
Subject: Re: [ale] You guys have been too quiet lately...

Well this was disappointing. I was hoping for a holiday free-for-all!

Happy holidays, everyone!


—jms
Jim Kinney via Ale
2017-12-15 19:32:51 UTC
Permalink
I code systemd startup scripts using vim and re-edit using nano and
then translate the scripts into init using emacs with ONLY MY LEFT
HAND!!!!!

On Fri, 2017-12-15 at 11:19 -0500, Jerald Sheets via Ale wrote:
> Well this was disappointing. I was hoping for a holiday free-for-
> all!
>
> Happy holidays, everyone!
>
>
> —jms
>
--
James P. Kinney III

Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.
- Speech 11/23/1900 Mark Twain

http://heretothereideas.blogspot.com/
Solomon Peachy via Ale
2017-12-15 19:40:27 UTC
Permalink
On Fri, Dec 15, 2017 at 02:32:51PM -0500, Jim Kinney via Ale wrote:
> I code systemd startup scripts using vim and re-edit using nano and
> then translate the scripts into init using emacs with ONLY MY LEFT
> HAND!!!!!

...while wearing mittens?

- Solomon
--
Solomon Peachy pizza at shaftnet dot org
Coconut Creek, FL ^^ (email/xmpp) ^^
Quidquid latine dictum sit, altum videtur.
Lightner, Jeffrey via Ale
2017-12-15 19:50:01 UTC
Permalink
Mittens are for sissies. He wears a boxing glove.


-----Original Message-----
From: Ale [mailto:ale-***@ale.org] On Behalf Of Solomon Peachy via Ale
Sent: Friday, December 15, 2017 2:40 PM
To: Jim Kinney; Atlanta Linux Enthusiasts
Subject: Re: [ale] You guys have been too quiet lately...

On Fri, Dec 15, 2017 at 02:32:51PM -0500, Jim Kinney via Ale wrote:
> I code systemd startup scripts using vim and re-edit using nano and
> then translate the scripts into init using emacs with ONLY MY LEFT
> HAND!!!!!

...while wearing mittens?

- Solomon
--
Solomon Peachy pizza at shaftnet dot org
Coconut Creek, FL ^^ (email/xmpp) ^^
Quidquid latine dictum sit, altum videtur.
Steve Litt via Ale
2017-12-16 02:13:49 UTC
Permalink
On Fri, 15 Dec 2017 11:19:29 -0500
Jerald Sheets via Ale <***@ale.org> wrote:

> Well this was disappointing. I was hoping for a holiday free-for-all!

The very definition of a troll is someone who posts with the motivation
of starting trouble.

If I were you, I'd neither be proud of it nor
light-hearted about it. A lot of people with a whole lot more skin in
the game than you argue both sides of this argument. To their credit,
they didn't take the bait.

SteveT

Steve Litt
December 2017 featured book: Thriving in Tough Times
http://www.troubleshooters.com/thrive
Lightner, Jeffrey via Ale
2017-12-16 16:11:06 UTC
Permalink
One of my favorite movie quotes:
"Of course you have a sense of humor. Everyone thinks they do, even people who don't."

Lighten up. Jerald's original post was phrased in such a way as to make it clear he was being facetious as was his follow up IMNSHO.



-----Original Message-----
From: Ale [mailto:ale-***@ale.org] On Behalf Of Steve Litt via Ale
Sent: Friday, December 15, 2017 9:14 PM
To: ***@ale.org
Subject: Re: [ale] You guys have been too quiet lately...

On Fri, 15 Dec 2017 11:19:29 -0500
Jerald Sheets via Ale <***@ale.org> wrote:

> Well this was disappointing. I was hoping for a holiday free-for-all!

The very definition of a troll is someone who posts with the motivation of starting trouble.

If I were you, I'd neither be proud of it nor light-hearted about it. A lot of people with a whole lot more skin in the game than you argue both sides of this argument. To their credit, they didn't take the bait.

SteveT

Steve Litt
December 2017 featured book: Thriving in Tough Times http://www.troubleshooters.com/thrive
Jim Kinney via Ale
2017-12-16 16:49:32 UTC
Permalink
Additional data point: the ale list has had technical issues since the migration. A no traffic time for ale is usually a problem.

That said, I'm now hacking systemd binaries directly at startup using a single toggle switch so I wear boxing gloves on both hands while I alternate between punching flying unicorns and Santa's elves I've held captive since I caught them littering in my den just outside of my fireplace. I don't recall where the unicorn came from but it wasn't here before I pulled huge tracker out of my nose.

On December 16, 2017 11:11:06 AM EST, "Lightner, Jeffrey via Ale" <***@ale.org> wrote:
>One of my favorite movie quotes:
>"Of course you have a sense of humor. Everyone thinks they do, even
>people who don't. "
>
>Lighten up. Jerald's original post was phrased in such a way as to
>make it clear he was being facetious as was his follow up IMNSHO.
>
>
>
>-----Original Message-----
>From: Ale [mailto:ale-***@ale.org] On Behalf Of Steve Litt via Ale
>Sent: Friday, December 15, 2017 9:14 PM
>To: ***@ale.org
>Subject: Re: [ale] You guys have been too quiet lately...
>
>On Fri, 15 Dec 2017 11:19:29 -0500
>Jerald Sheets via Ale <***@ale.org> wrote:
>
>> Well this was disappointing. I was hoping for a holiday
>free-for-all!
>
>The very definition of a troll is someone who posts with the motivation
>of starting trouble.
>
>If I were you, I'd neither be proud of it nor light-hearted about it. A
>lot of people with a whole lot more skin in the game than you argue
>both sides of this argument. To their credit, they didn't take the
>bait.
>
>SteveT
>
>Steve Litt
>December 2017 featured book: Thriving in Tough Times
>http://www.troubleshooters.com/thrive

--
Sent from my Android device with K-9 Mail. All tyopes are thumb related and reflect authenticity.
Jerald Sheets via Ale
2017-12-17 02:05:05 UTC
Permalink
For shame, Jim. You didn’t include your toes in this at all.


And “yeah lighten up, Francis.”

—j


> On Dec 16, 2017, at 11:49 AM, Jim Kinney via Ale <***@ale.org> wrote:
>
> Additional data point: the ale list has had technical issues since the migration. A no traffic time for ale is usually a problem.
>
> That said, I'm now hacking systemd binaries directly at startup using a single toggle switch so I wear boxing gloves on both hands while I alternate between punching flying unicorns and Santa's elves I've held captive since I caught them littering in my den just outside of my fireplace. I don't recall where the unicorn came from but it wasn't here before I pulled huge tracker out of my nose.