On Thu, Oct 16, 2008 at 7:22 AM, Ross Walker rswwalker@gmail.com wrote:
Basically, in a nutshell what I was trying to get across is:
- Keep passwords in local passwd files or Kerberos; using NIS or LDAP for passwords is generally not a good idea, as there are too many ways these can be compromised. I realize one can hack Heimdal Kerberos and OpenLDAP to work together, keeping Kerberos information in LDAP like Active Directory does, but it is a complex unsupported hack that is sure to break at some point if either side is upgraded. If that's what you want, go out and buy an Active Directory server and integrate it into your Linux environment.
- Use of LDAP for most small environments is overkill. NIS for auto-mount maps and account information (passwords stripped) is more than adequate here, but as the organization grows you may find NIS harder to manage than LDAP, so at that time I would migrate from NIS to LDAP. Of course there may be other reasons to use LDAP over NIS, such as third-party application support where third-party application configuration information is distributed through LDAP. Of course your choice will be based on your requirements, independent of what anybody like myself says.
I hope that helps clarify things.
Indeed, and awesomely so.
Many thanks.
mhr (no grump here :-)