Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 14 Dec 2008 17:59:06 +0700
From:      "Outback Dingo" <outbackdingo@gmail.com>
To:        "Da Rock" <rock_on_the_web@comcen.com.au>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Centralized DB of "system" users
Message-ID:  <5635aa0d0812140259y18712a55xb6efbb69fa48f86@mail.gmail.com>
In-Reply-To: <1229231755.18610.102.camel@laptop2.herveybayaustralia.com.au>
References:  <20081213090822.GA97581@lpthe.jussieu.fr> <1229231755.18610.102.camel@laptop2.herveybayaustralia.com.au>

next in thread | previous in thread | raw e-mail | index | archive | help
> Wouldn't kerberos be a better alternative? One server (maybe a
> replicated backup), and all services authenticate with that. Saves
> shadow on the wire...
>

I think the ulitimate question is going to be at what level of pain does the
person wish to suffer to achieve his goals
there are numerous ways to do it, though some can be painful, if not
experienced. I struggle to get my brain around
an environment with mulitple OSes in it, where i would lean towards the LDAP
method, though you raise a valid point
where kerberos could fit nicely, though Im not sure we are aware of the long
term goals or the project where one might
be adding in other types of Operating Systems. Then we have the discussion
of interoperability. If it stays as in his game
plan and  doesnt encounter scope creep (not like it doesnt happen) at some
time, he might wish to choose the best overall
design to implement, again my vote would be LDAP. it is the most globally
scaable, relocable and interoperable once its
deployed allowing for future growth without a serious amount of pain.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5635aa0d0812140259y18712a55xb6efbb69fa48f86>