I also looked into FreeIPA and the complexity is significant, at the time FreeIPA's DNS integration seemed to rely on a Fedora patch and I wasn't willing to introduce that into a production environment. Does anyone know if this has changed? Also, concerning alternatives, does anyone have experience with Shibboleth or OmniAuth?
-----Original Message----- From: CentOS [mailto:centos-bounces@centos.org] On Behalf Of Leon Fauster Sent: Monday, March 26, 2018 6:41 AM To: CentOS mailing list centos@centos.org Subject: [EXTERNAL] Re: [CentOS] How insecure is NIS ? Possible alternatives ?
Am 26.03.2018 um 11:59 schrieb Nicolas Kovacs info@microlinux.fr:
Le 26/03/2018 à 10:28, isdtor a écrit :
In my opionion, there is a serious gap in this area. It's either NIS, simple, easy to setup yet insecure, or LDAP/FreeIPA/RH Id management server at a complexity at least one order of magnitude beyond NIS.
I gave FreeIPA a spin a while back. I installed it on a sandbox server, and from what I recall, it pulled in a tsunami of dependencies, and first thing it wanted to replace my Dnsmasq with BIND... so I didn't look much further.
Quite time ago we had a stripped setup here working only with Openldap and PAM modules. LDAP with replication for redundancy, centralized communication with local CA and over TLS. It worked very well. The successor of such setup is SSSD for EL7 but the above should be still a feasible solution.
-- LF
_______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos