[OLUG] Single system login administration?

Adam Haeder adamh at omaha.org
Thu May 25 14:14:36 UTC 2000

I'm getting to the point where the number of Linux servers I have is quickly accelerating. Since we only had 2 for the longest time, I never worried about user account synchronization between them. The few people that needed accounts got them, and when they changed their passwords, they had to change them on both systems.
This will not work anymore. What I would like to get some advice on is what is currently the best way to do this? I'm looking at 3 different choices:

- Novell's NDS for Linux

Since I'm not that familiar with NDS, that's probably the last resort. My big question is: does anybody use NIS anymore? Everywhere I go to read about it, major security considerations are brought up. Then there's talk of NIS+, but I was under the impression that it was still very immature on Linux. Please feel free to correct my assumptions.

I'm sort of leaning towards LDAP right now. I know that you can LDAP-enable PAM, and I could also have Apache authenticate against it, and it could become more than a username:password store; it could be our whole company contact database. I like that idea.

What have other people done? Is NIS really not worth considering anymore for the security considerations? Has anyone used OpenLDAP enough to know if it is robust enough to handle this? Is Netscape's Directory Server (the only major commercial Linux LDAP server I know of) worth the money? Thanks for any input.

Adam Haeder
Technical Coordinator, AIM Institute
adamh at omaha.org

