On Fri, 1 Oct 2021 at 06:14, Björn 'besser82' Esser
<besser82(a)fedoraproject.org> wrote:
Hello,
I'm currently doing some experiments with replacing the - upstream
mostly unmaintained - pam_unix module (authentication with user passwd)
with something using less bloated and cleaner code. This topic is
currently also discussed with the upstream maintainer of pam_unix.
Replacing parts of a software for the sake of less complexity usually
comes with a cut-down of features; in this particular case it would be
dropping support for NIS(+), which has already been abandoned by its
initial developer SUN / Oracle for about 10 years [1].
Before starting some more concrete plans, I'd like to get some feedback
from the Fedora community how they feel about removing NIS(+) support in
PAM. Is it even still actively used anywhere and/or by anyone in the
Fedora universe?
The places I have seen it still being used are in Universities run by
people who learned sysadmin in the 1990's and early 2000's. It is a
light weight system which is simple to set up and tends to be the
goto-stick for a lot of 'we put this together in 1999 with RHL6 and
upgraded ever since' places.
That said, NIS in most setups causes all kinds of security problems
and audit failures that those areas are probably rapidly going away.
[And the ones I know have been moving to Debian because it keeps
various other technologies we jettisoned long ago.]
If we drop this from pam_unix, should we look to dropping ypbind and
similar tools?
--
Stephen J Smoogen.
I've seen things you people wouldn't believe. Flame wars in
sci.astro.orion. I have seen SPAM filters overload because of Godwin's
Law. All those moments will be lost in time... like posts on a BBS...
time to shutdown -h now.