12:40 a.m.
On kwi 07, Jan Kowalsky wrote:
> But the roles in DebOps are flexible enough that the possibility
of
> changing the defaults is there. Perhaps you could add a guide that
> explains how to modify the default configuration to be compatible with
> FusionDirectory? I'm sure that many users would be interested in it.
Where would be the right place to do? Is there any "howto" section in
debops documentation?
The bulk of the changes will most likely be in the 'slapd' role, so I would
put the howto in its documentation, for example alongside multi-master
replication one. I'm not sure if you need to change anything related to the
'ldap' role for FusionDirectory; maybe it has a different place to register
hosts.
nfs+kerberos: secure but complex. Another drawback (but maybe
I'm
wrong): we can't use it for statically mounted filesystem without user
interaction because only users have tickets and not machines.
Machines can also have Kerberos tickets - they need to authenticate to the KDC
as well. But I agree that Kerberos is very complex. I haven't even tried to
approach it yet.
samba: It works, has at least an authentication layer and we need it
anyway for cross-plattform support / BYOD. So we only have to configure
ONE network filesystems. It works surprisingly well - even for /home
over network. A big drawback: we need unix extentions for user homes -
but this is only possible with samba vers=1.0 (https://lists.samba.org/
archive/samba/2017-October/211517.html).
That message seems to be from 2017, maybe something changed in the meantime.
There's apparently work done on new POSIX compatibility layer[1], not sure
about the details.
[1]: https://wiki.samba.org/index.php/SMB3-Linux
All in all network filesystem situation for linux is everything else
then satisfactory.
Plan 9 comes to mind... But that's a story for another time. :-)
Cheers,
Maciej