21.05.2020 12:16, Ihor Antonov wrote: > Jails have a lot of drawbacks to.
[skip] > I tried jails and was left disappointed. Just use sysutils/ezjail from ports that hides all the hassle and does it all for you, so you need to perform installworld for the host system only. >> Also, shared PAM does not mean duplication of system user database, >> take a look at: man -k pam_|fgrep '(8)' > > The idea was to have a lightweight solution with minimum moving parts. > Bringing machinery > like LDAP into this defeats the purpose of the exercise. If you don't like LDAP, use FreeRADIUS and pam_radius. Combined with ezjail, it is most lightweight solution you may currently obtain without writing additional kernel level code. _______________________________________________ freebsd-security@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"