On 16/05/17 14:20, Stephen Gallagher wrote:
>> apparently *designed* with philosophy much like that of systemd. It's
>> supposed to be a unified set of tools replacing a lot of already
>> existing functionality, and adding some useful features.
>> Unfortunately, its unifying multiple service and multiple host
>> authentication doesn't seem to have become popular: Most folks I've
>> seen using Kerberos and LDAP, which sssd was designed to integrate,
>> have simply ignored sssd and gone straight to the more multi-platform
>> supported Samba.
>
> Just a reminder: anecdotes do not equal rigorous data :)
> 
> SSSD is in extremely wide use around the world and is the preferred
> LDAP/Kerberos client option in all of the major Linux distributions.

Just to backup this a bit further.  Those integrating with AD, will also
most likely take advantage of LDAP/Kerberos as well.  Kerberos is the
only authentication scheme I know of which also enables a truly working
SSO solution, which tackles the full stack from localhost login to
various network services.

In addition, SSSD provides a possibility to cache authentication details
so you can have laptops fully integrated with an LDAP/Kerberos
environment, provide a centralized password policy and yet be able to do
local authentication if the LDAP/Kerberos backends are unavailable.

And then there is the support for OTP based authentication, which it
also seems to be handled quite well regardless if you are online or not.

From my perspective, SSSD solves more issues than what nscd is capable
of, at least to how I've learnt to know nscd.  And my experience with
computers enrolled into a FreeIPA managed network have overall just been
a wonderful and easy experience.


-- 
kind regards,

David Sommerseth

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Reply via email to