[CentOS] Seeking advice about auth/home serving

MHR mhullrich at gmail.com
Thu Oct 16 16:30:21 UTC 2008


On Thu, Oct 16, 2008 at 7:22 AM, Ross Walker <rswwalker at gmail.com> wrote:
>
> Basically, in a nutshell what I was trying to get across is:
>
> 1) Keep passwords in local passwd files or Kerberos; using NIS or LDAP for
> passwords is generally not a good idea as there are too many ways these can be
> compromised. I realize one can hack Heimdal Kerberos and OpenLDAP to work
> together keeping Kerberos information in LDAP like Active Directory does, but
> it is a complex unsupported hack that is sure to break at some point if either
> side is upgraded. If that's what you want, go out and buy an Active Directory
> server and integrate it into your Linux environment.
>
> 2) Use of LDAP for most small environments is overkill. NIS for auto-mount maps
> and account information (passwords stripped) is more than adequate here, but
> as the organization grows you may find NIS harder to manage than LDAP, so at
> that time I would migrate from NIS to LDAP. Of course there may be other reasons
> to use LDAP over NIS, such as third party application support where third party
> application configuration information is distributed through LDAP. Of course
> your choice will be based on your requirements independent of what anybody like
> myself says.
>
> I hope that helps clarify things.
>

Indeed, and awesomely so.

Many thanks.

mhr
(no grump here :-)
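
Added example, not part of the original thread: a small audit for the "passwords stripped" condition in point 2 of the quoted summary. It assumes the NIS passwd map is dumped as standard seven-field passwd(5) lines; the function name, the sample map and its hash values are constructed for illustration.

```python
import re

# Values in the password field that mean "no hash is stored here".
PLACEHOLDERS = {"x", "*", "!", "!!"}
# crypt(3) modular format ($id$...) or a 13-character traditional DES hash.
HASH_RE = re.compile(r"^(\$[0-9a-zA-Z]+\$.+|[./0-9A-Za-z]{13})$")

# Constructed sample of a dumped passwd map; none of these hashes are real.
SAMPLE_MAP = """\
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:$1$CONSTRUCTED$notARealHashValue00000:1002:1002:Bob:/home/bob:/bin/bash
carol:abCONSTRUCTED:1003:1003:Carol:/home/carol:/bin/bash
dave::1004:1004:Dave:/home/dave:/bin/bash
erin:*:1005:1005:Erin:/home/erin:/sbin/nologin
"""

def audit_passwd_map(text):
    """Return (line number, user, finding) for entries that expose password data."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((lineno, fields[0], "malformed entry"))
            continue
        user, pw = fields[0], fields[1]
        if pw in PLACEHOLDERS:
            continue  # stripped entry: authentication happens elsewhere
        if pw == "":
            findings.append((lineno, user, "empty password field"))
        elif HASH_RE.match(pw.lstrip("!")):
            # A locked account ("!" prefix) still publishes its hash in the map.
            findings.append((lineno, user, "password hash present"))
        else:
            findings.append((lineno, user, "unrecognised password field"))
    return findings

if __name__ == "__main__":
    for lineno, user, finding in audit_passwd_map(SAMPLE_MAP):
        print(f"line {lineno}: {user}: {finding}")
```

On a NIS client the input would be the output of `ypcat passwd` instead of the constructed sample.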

