On 2018-03-26, Leon Fauster <leonfauster at googlemail.com> wrote: > > Quite time ago we had a stripped setup here working only with Openldap and > PAM modules. LDAP with replication for redundancy, centralized communication > with local CA and over TLS. It worked very well. The successor of such setup > is SSSD for EL7 but the above should be still a feasible solution. Likely an even longer time ago, I did an even more stripped down version of this, where I just set up an OpenLDAP server, used their tools to import from our existing NIS to it, and ran it unencrypted (all the hosts were either on the same switch or over VPN so having no encryption on the network channel was less of a concern). It was fairly straightforward, and I imagine that nowadays, setting up TLS for slapd and clients is probably fairly straightforward too. I wonder how much support there is for NIS any more in recent distros. Is it possible CentOS 7 doesn't support NIS, or does but is buggy? --keith -- kkeller at wombat.san-francisco.ca.us