Craig White wrote:
> On Mon, 2009-01-12 at 22:29 -0500, Robert Moskowitz wrote:
>> Craig White wrote:
>>> The alternative is to actually learn how LDAP works and then you can do
>>> anything you want with it.
>> Like the aforementioned developer?
> ----
> He was an educator, not a software developer. At some point, someone has
> to give thought/effort towards creating a sustainable software package
> and not just something that worked at a given point in time.
> In the end though, I have always felt that if you install LDAP as a
> primary authentication system and can't maintain it because you
> installed as a turnkey and never really understood how it worked, you
> were just asking for disaster to strike you.

Yup. I use LDAP authentication for a bunch of machines that used to
have quasi-synchronized passwd and group files. There were conflicts
galore but they've been sorted out now.
I used RPM-based pam/nss stuff, but the LDAP (and back-end BDB) were
built from tarballs so I could have the latest (these systems had to be
PCI-compliant). It's not hard but neither is it trivial and you do need
to know how it all works. The fiddly bits most people have problems
with are the SASL/Kerberos things to secure the LDAP communications and
making sure the redundant LDAP servers do indeed replicate between each
other correctly.
Any network-based authentication system (LDAP, NIS, NIS+, AD) is, by
definition, more complex than a local file-based solution and if you're
going to use it, you had better understand how all the bits interrelate
or you're asking for trouble. But, then again, if it was easy everyone
would do it!
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer ricks@xxxxxxxx -
- AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 -
- -
- Life: That which happens while you search for the remote control. -
----------------------------------------------------------------------