Felipe Alfaro Solana wrote:
On Tue, 2004-07-27 at 19:24 -0400, Steve Brenneis wrote:
Someone will eventually have to answer the question of why this is
better than using LDAP, PAM, and/or kerberos. Those are all open
standards and well known by a large population of *nix SAs.
I still don't see the point of either using Linux Registry or LDAP over
plain-text configuration files.
Per SF L. Registry:
All key-value pairs are stored in clear-text files
LDAP is a network service, and thus, has
its inherent problems: keeping local configuration on the network
creates problems like poor performance, SPoF, DoS, etc.
Windows uses Active Directory (LDAP + Kerberos, mainly) for
authentication and to publish Policies and configuration data on the
network for domain members (computers and users), which are then
integrated locally and periodically into the Registry of each domain
member (that's the Applying Policies steps that is performed by WinLogon
during boot). Domain members DO NOT take configuration data directly
from the network, but from the local Registry. Trying to gather
configuration data directly from the network (i.e. LDAP) is a serious
error, IMHO.