On Tue, 2004-07-27 at 19:24 -0400, Steve Brenneis wrote:
> Someone will eventually have to answer the question of why this is
> better than using LDAP, PAM, and/or kerberos. Those are all open
> standards and well known by a large population of *nix SAs.

I still don't see the point of either using Linux Registry or LDAP over plain-text configuration files.

LDAP is a network service, and thus has its inherent problems: keeping local configuration on the network creates problems like poor performance, SPoF, DoS, etc.

Windows uses Active Directory (LDAP + Kerberos, mainly) for authentication and to publish Policies and configuration data on the network for domain members (computers and users), which are then integrated locally and periodically into the Registry of each domain member (that's the Applying Policies step that is performed by WinLogon during boot). Domain members DO NOT take configuration data directly from the network, but from the local Registry.

Trying to gather configuration data directly from the network (i.e. LDAP) is a serious error, IMHO.