On Thu, Oct 16, 2008 at 7:22 AM, Ross Walker <rswwalker at gmail.com> wrote:
>
> Basically, in a nutshell what I was trying to get across is:
>
> 1) Keep passwords in local passwd files or Kerberos; using NIS or LDAP for
> passwords is generally not a good idea as there are too many ways these can be
> compromised. I realize one can hack Heimdal Kerberos and OpenLDAP to work
> together keeping Kerberos information in LDAP like Active Directory does, but
> it is a complex unsupported hack that is sure to break at some point if either
> side is upgraded. If that's what you want, go out and buy an Active Directory
> server and integrate it into your Linux environment.
>
> 2) Use of LDAP for most small environments is overkill. NIS for auto-mount maps
> and account information (passwords stripped) is more than adequate here, but
> as the organization grows you may find NIS harder to manage than LDAP, so at
> that time I would migrate from NIS to LDAP. Of course there may be other reasons
> to use LDAP over NIS, such as third party application support where third party
> application configuration information is distributed through LDAP. Of course
> your choice will be based on your requirements independent of what anybody like
> myself says.
>
> I hope that helps clarify things.
>

Indeed, and awesomely so. Many thanks.

mhr (no grump here :-)