On Fri, 2011-12-02 at 15:59 +0100, Ondrej Valousek wrote: > Small update so I am not only throwing dirt on winbind: > > Winbind has still its use if you can not use / do not have RFC2307 > attributes in AD. > So simply, if you want to use RFC2307 attributes, sssd is here for > you. If not, go for winbind. But yet I would not bother about winbind > plugin for sssd as it does not make too much sense - that's why we > have Glibc and its /etc/nsswitch.conf!
Well, just to make one point, there are a few advantages to the winbind backend over pure winbind: 1) SSSD caching instead of nscd 2) Support for multiple AD domains without trust 3) One-to-one mapping of identity domain to authentication domain (so you're not exposing your password to multiple authentication domains until you find the right one, as with traditional PAM).
Description: This is a digitally signed message part
_______________________________________________ Freeipa-users mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-users