
Ohh, looks extremely promising, I've been after something with a bit more flexibility than Dex while not being Keycloak/Java etc, an LDAP backend would be awesome as well though (another thing that's lacking is a simple LDAP server, perhaps with SQL as db, OpenLDAP is excessive and glauth isn't there)


Have you had a look at Authentik? It might fit your needs.


I think I did and when I couldn't find useful installation details I gave up, I don't use docker or kubernetes, so if projects can't be bothered to make information available for a generic install, I immediately lose interest.


I do plenty of native installs, and I find Docker based instructions to be a pretty nice universal codex for how things work.

Docker entryscripts sometimes have significant magic baked in (alas), but quite often Docker is a distribution mechanism more than anything else. The Docker guides are - 9 times out of 10 - more than informative enough to show how to DIY in any other of the dozens if not hundreds of other system types you might have.

If you want to resist using the easy thing, I personally think it behooves you to not bounce so quick. You don't have to use it, and it's good nearly universal documentation as to how to operate the thing.


It means I have to sit and read through the Dockerfile (or compose, in many cases, which is even worse) and figure out what it's doing and what magic variables I need to provide etc, when just providing a binary download url and an example (or reference) config does just fine, not everyone uses docker.


"using the easy thing"

Easy != Simple. Not everyone wants to play around with Dockerfiles, docker compose and what not. Sometimes a plain binary is preferred. I say this as someone who likes docker for certain use cases but docker is not my solution for everything.


apt install more easy and with auto updates safe! Docker too complicated, networking, security, dependencies, all messy after all these years.

Apt rules!


Podman makes this better, as it doesn't trash my ipt/nft rules in the process, and it's essentially stateless amongst other useful things


How's the network performance on podman? It defaults to slirp4netns right?


Rootless Podman uses slirp4netns by default. The default will soon change to pasta. Pasta has better performance than slirp4netns. For best performance if your container supports it, use systemd socket activation because the traffic over the activated socket will have native network performance.


I'd never heard of that systemd trick. Interesting, thanks.



Probably for user containers, but I've only run it as root generally to avoid those sorts of limitations so haven't noticed any issues - I rarely use docker and only use for quick testing and then switch to non-docker installs


What's wrong with glauth? I forked it so I could build in the /etc/passwd support and it's been working great.


Like raw /etc/passwd support or passwd support via PAM? Should always use PAM over reading passwd/shadow directly


I stand corrected, looks like it's come a long way since I last checked - will have to give it another go


Have you had a look at LLDAP for a super simple LDAP backend with SQL behind? That or kanidm if you want OIDC built in.


I hadn't seen that, thanks! Even has clear information on how to build natively and has a reference config


I’ve found running Samba as a Domain Controller pretty straightforward for this exact use case.


As userdb for Keycloak? Please write about it!


Haven't tried specifically with Keycloak, but it should work. Keycloak advertises LDAP and MS Active Directory compatibility.

If I find the time, I can test and write up about this integration.



