[Freeipa-users] FreeIPA and others

JR Aquino JR.Aquino at citrix.com
Tue May 15 05:25:37 UTC 2012


On May 14, 2012, at 9:50 PM, "Steven Jones" <Steven.Jones at vuw.ac.nz> wrote:

> 8><---------
> 
> Mileage may vary.
> 
> I for one have found no suitable scalable substitute for FreeIPA.
> 
> 8><----------
> 
> Sure but depends on capability and experience, I for one am struggling.....while significantly easier than say 389 (which I gave up on), it's still a huge step up.......
> 

I agree that it doesn't solve /all/ problems (yet) ;)

However, I have looked for a very very long time to find a scalable LDAP implementation with integrated Kerberos and RBAC/HBAC. I've had numerous personal discussions with the creators/maintainers of openldap, pam_ldap, sudo, and some of the MIT-Kerb folk along my way.

Because no one else had solved those problems, I was actually in the middle of writing my own solution when I stumbled onto FreeIPA...

For example, Pam_ldap expect(s/ed) that every user object contain an attribute entry for every single host they are allowed to log into.... Doesn't quite scale when you have to manage complex mixtures of thousands of users to thousands of hosts...

What do you feel is the biggest struggle?

Is it the base core features, or is it external integration pains for features that don't exist yet?

"Keeping your head in the cloud"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jr Aquino | Sr. Information Security Specialist
GIAC Certified Incident Handler | GIAC WebApp Penetration Tester
Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117
jr.aquino at citrixonline.com
http://www.citrixonline.com



