Re: Promoting LDAP vs NIS on RHL
- From: Stephen Smoogen <smoogen lanl gov>
- To: rhl-beta-list redhat com
- Subject: Re: Promoting LDAP vs NIS on RHL
- Date: 23 Jul 2003 10:15:02 -0600
We found that turning on nscd with openldap w/db4 had the speeds
equivalent to NIS. However our ldap tables may just be lucky enough to
be fast.
On Tue, 2003-07-22 at 23:15, seth vidal wrote:
> On Wed, 2003-07-23 at 00:58, Dax Kelson wrote:
> > An LDAP directory can have numerous advantages over NIS. For example:
> >
> > * Strong mutual authentication of client machines and LDAP servers
> > * All network traffic can be encrypted (by mandate even) via SSL or TLS.
> > * A rogue root on client machines cannot access user data, collect
> > encrypted password strings for user accounts
> > * Shadow password functionality including aging can be used
> >
> > I would like to encourage Linux sysadmins to "properly" and securely
> > setup LDAP directories as opposed to NIS.
> >
> > What can be done to encourage this?
> >
> > For starters, it would be nice to have a good generic LDAP directory
> > browser/editor that was SSL/TLS enabled. RHL7.3 shipped with a decent
> > one, GQ, but it was dropped.
> >
> > The slick looking "directoryadministrator" can be used to administer a
> > directory post-setup.
> >
> > Anyone have other ideas?
>
> could you make openldap not be incredibly slow under high load and/or
> large number of entries?
>
> The problem I see with ldap-authentication backends are:
> 1. w/o kerberos or some other strong authenticator you'll still need an
> authentication system for your authentication system
> 2. the available ldap server for linux appears to not scale that well
> right now.
> 3. the layout of user information is not terribly obvious
> 4. the disaster recovery mechanism (what do you back up to make sure you
> can recover) isn't as well documented or as trivial to understand as
> NIS'
>
> my 2c
> -sv
--
Stephen John Smoogen smoogen lanl gov
Los Alamos National Labrador CCN-5 Sched 5/40 PH: 4-0645 (note new #)
Ta-03 SM-1498 MailStop B255 DP 10S Los Alamos, NM 87545
-- So shines a good deed in a weary world. = Willy Wonka --