On pe, 01 loka 2021, Neal Gompa wrote:
On Fri, Oct 1, 2021 at 12:41 PM Frank Ch. Eigler
<fche(a)redhat.com> wrote:
>
> Stephen John Smoogen <smooge(a)gmail.com> writes:
>
> >> > The places I have seen it still being used are in Universities run by
> >> > people who learned sysadmin in the 1990's and early 2000's. It
is a
> >> > light weight system which is simple to set up [...]
> >>
> >> For those people who like simple to set up and working systems but are
> >> willing to consider upgrading if it's also simple and will keep
working,
> >> is there a NIS->$whatever migration document in fedora someplace?
> >
> > I don't think anyone has come up with an agreed upon $whatever that a
> > majority of people like. There is LDAP but that isn't light. There are
> > kerberos but that isn't easy.
>
> "light" in terms of CPU/network, who cares. "light" in terms of
> simplicity and maintenance, you have my attention. If there is no such
> gadget available, then please let's keep NIS around.
>
>
> > And honestly the cool kids only want web logins these days as servers
> > are a pain and why not just login into Google/Facebook/Microsoft and
> > let them deal with all that setup.
>
> (OK but seriously that's not a fedora matter. Well, or rather, I'd love
> to have a passwd/nss backed openid gadget. Is that ipsilon?)
>
We're currently missing a way to do OpenID or OIDC based login in
Linux like what Windows and macOS has. Ipsilon would be the
server-side aspect of it, we don't have any client-side integration
(sssd, gdm/sddm, etc.)
We are working on that part for SSSD and FreeIPA. Not production ready
yet but aim to have something testable later this year. In a prototype
we have it is possible to authenticate against a thing like Github or
Keycloak.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland