[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: linux registry (no, not that again!)



On Tue, 2004-07-27 at 19:24 -0400, Steve Brenneis wrote:
> Someone will eventually have to answer the question of why this is
> better than using LDAP, PAM, and/or kerberos. Those are all open
> standards and well known by a large population of *nix SAs.

I still don't see the point of either using Linux Registry or LDAP over
plain-text configuration files. LDAP is a network service, and thus, has
its inherent problems: keeping local configuration on the network
creates problems like poor performance, SPoF, DoS, etc.

Windows uses Active Directory (LDAP + Kerberos, mainly) for
authentication and to publish Policies and configuration data on the
network for domain members (computers and users), which are then
integrated locally and periodically into the Registry of each domain
member (that's the Applying Policies steps that is performed by WinLogon
during boot). Domain members DO NOT take configuration data directly
from the network, but from the local Registry. Trying to gather
configuration data directly from the network (i.e. LDAP) is a serious
error, IMHO.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]