Am Freitag, dem 01.10.2021 um 09:31 -0400 schrieb Stephen John Smoogen: > On Fri, 1 Oct 2021 at 06:14, Björn 'besser82' Esser > <besser82@xxxxxxxxxxxxxxxxx> wrote: > > > > Hello, > > > > I'm currently doing some experiments with replacing the - upstream > > mostly unmaintained - pam_unix module (authentication with user > > passwd) > > with something using less bloated and cleaner code. This topic is > > currently also discussed with the upstream maintainer of pam_unix. > > > > Replacing parts of a software for the sake of less complexity > > usually > > comes with a cut-down of features; in this particular case it would > > be > > dropping support for NIS(+), which has already been abandoned by its > > initial developer SUN / Oracle for about 10 years [1]. > > > > Before starting some more concrete plans, I'd like to get some > > feedback > > from the Fedora community how they feel about removing NIS(+) > > support in > > PAM. Is it even still actively used anywhere and/or by anyone in > > the > > Fedora universe? > > > > The places I have seen it still being used are in Universities run by > people who learned sysadmin in the 1990's and early 2000's. It is a > light weight system which is simple to set up and tends to be the > goto-stick for a lot of 'we put this together in 1999 with RHL6 and > upgraded ever since' places. > > That said, NIS in most setups causes all kinds of security problems > and audit failures that those areas are probably rapidly going away. > [And the ones I know have been moving to Debian because it keeps > various other technologies we jettisoned long ago.] > > If we drop this from pam_unix, should we look to dropping ypbind and > similar tools? Yes, finally dropping the ypbind, yp-tools, and ypserv packages seems to make sense in this context, as from my understanding they won't be of any practical use anymore. Maybe libnsl, libnsl2, nss_nis, and slapi-nis can be evaluated to be dropped also. Björn
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
