[CentOS] how many people still use NIS?
jjasen at realityfailure.org
Sun Oct 3 13:17:08 UTC 2010
Iain Morris wrote:
> On Sat, Oct 2, 2010 at 7:29 PM, Craig White <craigwhite at azapple.com
> <mailto:craigwhite at azapple.com>> wrote:
> This discussion completely ignores the fact that user authentication is
> just one of the many things LDAP does. If all you are going to do with
> LDAP is simple user & group management then you have a lack of
> Not to stray much further off the subject, nor defend AD much further on
> the CentOS list, but AD does a lot more than user/group auth. In fact
> it does everything in your list (DNS, mail access lists, etc), and quite
> a bit more out of the box.
> Apple's Open Directory is a nice start, but pretty far behind in the
> race. In fact if I had a 1000 Mac installation, I'd rather build an AD
> domain and extend the schema to include the Apple attributes and use WG
> Manager for the Macs. I honestly believe Apple has put more engineering
> time into their AD plugin than their OD native interface.
For a mixed installation with a bunch of Windows boxes, you're probably
not going to get away from AD, so you might as well leverage it.
Honestly, its a pretty slick kerberos+LDAP+etc integration. There are a
few things it does wrong, but trying to beat its manageability,
replication, etc with openldap+mit-krb5 is _hard_.
You may get it working, but then someone has to support it down the line. :)
As for Apple's OpenDirectory, I would not inflict it on anyone I like or
had to support. While 2/3rds of it is openldap+mit-krb5, the third leg
is their own proprietary crap that is frail, prone to obscure failures,
generally undocumented, stores all the password hashes in yet another
database on the server, doesn't handle replication, and generally
interferes with your life.
> And NIS servers belong in a museum! :-)
Of bad ideas? :)
-- John E. Jasen (jjasen at realityfailure.org)
-- "Deserve Victory." -- Terry Goodkind, Naked Empire
More information about the CentOS