One of the first issues faced by any admin who
wants to convert from a MS network to Linux is
authentication. In the MS world, there are NT4
domains, and the more recent Win2K Active
Directory domain, which provide a central
authentication db for all activities on the
network. If I understand correctly, the most
similar thing in the nix world is the NIS domain.
But there is also the possibility of setting up
an LDAP server for authentication. Let me throw
out my comments and questions, and please comment
and/or correct me:
1) there are no other realistic options besides
the above 2 for centralized authentication for
users
2) LDAP is preferable to NIS, because it offers
everything NIS does, as well as (from
http://diradmin.open-it.org/index.php):
* Like NIS, a single source of sign-on: using
LDAP, eliminating different sources and making
user administration much easier. LDAP integrates
with the PAM security architecture and many
servers such as Apache.
* Mail accounts without system accounts: you
can create user accounts for several mail servers
without necessarily creating a system account for
them.
* Centralized preference storage: you may
want to centralize preferences for different
applications. For example, Netscape preferences,
bookmarks etc can be stored in LDAP.
* Corporate address book: most e-mail
software allows you to use LDAP directory servers
as address book sources, so you keep your company
members' information there. You can also link
your directory to specialized software such as
trouble tracking, and make your users log in to
the software.
3) both NIS and LDAP can use encrypted &
public/private key authentication techniques,
including kerberos, so no passwords need to
traverse the network in clear text.
How does all this sound?
Scott (was "boyhowdy")
__________________________________________________
Do you Yahoo!?
Faith Hill - Exclusive Performances, Videos & More
http://faith.yahoo.com