[OLUG] Single system login administration?

John Kennedy jkennedy at orent.com
Thu May 25 14:19:04 UTC 2000


Adam,
We currently use Netscape Directory Server (for Solaris but I'm sure there's no
difference).  Although the GUI is Java based and slow there are a lot of features
and options that make it worth the money.  It is also easy to use (I am not
sure about the set-up because I wasn't the one to do that).  We use it as a
directory server for e-mail and for e-mail login authentication.  In the near
future we will be using it for server login authentication for one or more of
our Solaris servers.  I've used NIS as well and along with the security issues
there is also the added inconvenience of it being a real pain in the *** to set
up and use.  NIS+ is not much better.  I personally would go with LDAP and
leave the other 2 alone.
There is also an LDAP mail list (I think you can get there through
http://www.openldap.org) that has moderate traffic and is pretty helpful.
Good Luck,
John


On Thu, 25 May 2000, Adam Haeder lied to us about:
> I'm getting to the point where the number of Linux servers I have is quickly accelerating. Since we only had 2 for the longest time, I never worried about user account synchronization between them. The few people that needed accounts got them, and when they changed their passwords, they had to change them on both systems.
> This will not work anymore. What I would like to get some advice on is what is currently the best way to do this? I'm looking at 3 different choices:
> 
> - NIS
> - LDAP
> - Novell's NDS for Linux
> 
> Since I'm not that familiar with NDS, that's probably the last resort. My big question is: does anybody use NIS anymore? Everywhere I go to read about it, major security considerations are brought up. Then there's talk of NIS+, but I was under the impression that it was still very immature on Linux. Please feel free to correct my assumptions.
> 
> I'm sort of leaning towards LDAP right now. I know that you can LDAP-enable PAM, and I could also have Apache authenticate against it, and it could become more than a username:password store, it could be our whole company contact database. I like that idea.
> 
> What have other people done? Is NIS really not worth considering anymore for the security considerations? Has anyone used OpenLDAP enough to know if it is robust enough to handle this? Is Netscape's Directory Server (the only major commercial Linux LDAP server I know of) worth the money? Thanks for any input.
> 
> --
> Adam Haeder
> Technical Coordinator, AIM Institute
> adamh at omaha.org
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: olug-unsubscribe at bstc.net
> For additional commands, e-mail: olug-help at bstc.net
-- 
John Kennedy
UNIX System Administrator
Orent Graphic Arts

-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCM d-(+) s: a C+++ USL++++$ P+>+++ L+++ E--- W++ N+ o+ K w--(---) O-
M V- PS+ PE Y+(++) PGP>+++ t 5 X R TV++ b+++ DI++++ D G e h---- r+++ z++++
------END GEEK CODE BLOCK------
To decode go to http://www.ebb.org/ungeek/

If you receive something that says "Send this to everyone you 
know," PLEASE pretend you don't know me.

Your anti-Microsoft signatures for Thursday are...

"One World, one Web, one Program" - Microsoft promotional ad
"Ein Volk, ein Reich, ein Fuhrer" - Adolf Hitler

Name one nice thing about Windows?... 
It doesn't just crash, it displays a dialog box and lets you press 'OK' first.
