On Thu, Oct 16, 2008 at 7:22 AM, Ross Walker <rswwalker@xxxxxxxxx> wrote: > > Basically, in a nutshell what I was trying to get across is: > > 1) Keep passwords in local passwd files or Kerberos, using NIS or LDAP for > passwords is generally not a good idea as there are too many ways these can be > compromised. I realize one can hack Heimdal Kerberos and OpenLDAP to work > together keeping Kerberos information in LDAP like Active Directory does, but > it is a complex unsupported hack that is sure to break at some point if either > side is upgraded. If that's what you want, go out and buy an Active Directory > server and integrate it into your Linux environment. > > 2) Use of LDAP for most small environments is overkill. NIS for auto-mount maps > and account information (passwords stripped), is more then adequate here, but > as the organization grows you may find NIS harder to manage then LDAP, so at > that time I would migrate from NIS to LDAP. Of course there may be other reasons > to use LDAP over NIS, such as third party application support where third party > application configuration information is distributed through LDAP. Of > course your > choice will be based on your requirements independant of what anybody like > myself says. > > I hope that helps clarify things. > Indeed, and awesomely so. Many thanks. mhr (no grump here :-) _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
Re: Seeking advice about auth/home serving
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: "CentOS mailing list" <centos@xxxxxxxxxx>
- Subject: Re: Seeking advice about auth/home serving
- From: MHR <mhullrich@xxxxxxxxx>
- Date: Thu, 16 Oct 2008 09:30:21 -0700
- Delivered-to: centos@xxxxxxxxxx
- In-reply-to: <53c900fd0810160722k244602a9v786a594fc8b475f1@xxxxxxxxxxxxxx>
- References: <fc593b510810150052o2ca08bd5kcc9d61370ea09d98@xxxxxxxxxxxxxx> <1224064002.6646.4.camel@xxxxxxxxxxxxxxxxx> <fc593b510810150305q453b6b1fqc952e3dfedfb2860@xxxxxxxxxxxxxx> <e814db780810150651j2982947bjf138f876df52f247@xxxxxxxxxxxxxx> <6AE07C4A-3BEB-4355-A1C6-DB17C3162554@xxxxxxxxx> <f4e013870810151147p60093397u825353042b0fa9a@xxxxxxxxxxxxxx> <810F1BB2-B2A5-4A95-8889-C41CEBA0076A@xxxxxxxxx> <f4e013870810152008t42106f24mcb0a0b7f8955b2de@xxxxxxxxxxxxxx> <53c900fd0810160722k244602a9v786a594fc8b475f1@xxxxxxxxxxxxxx>
- References:
- Seeking advice about auth/home serving
- From: Laurent Wandrebeck
- Re: Seeking advice about auth/home serving
- From: Ian Forde
- Re: Seeking advice about auth/home serving
- From: Laurent Wandrebeck
- Re: Seeking advice about auth/home serving
- From: Filipe Brandenburger
- Re: Seeking advice about auth/home serving
- From: Ross Walker
- Re: Seeking advice about auth/home serving
- From: MHR
- Re: Seeking advice about auth/home serving
- From: Ross Walker
- Re: Seeking advice about auth/home serving
- From: MHR
- Re: Seeking advice about auth/home serving
- From: Ross Walker
- Seeking advice about auth/home serving
- Prev by Date: Re: new list proposal
- Next by Date: Re: new list proposal
- Previous by thread: Re: Seeking advice about auth/home serving
- Next by thread: Postfix problem
- Index(es):
 |