On Fri, 2011-12-02 at 15:59 +0100, Ondrej Valousek wrote:
> Small update so I am not only throwing dirt on winbind:
> Winbind has still its use if you can not use / do not have RFC2307
> attributes in AD. 
> So simply, if you want to use RFC2307 attributes, sssd is here for
> you. If not, go for winbind. But yet I would not bother about winbind
> plugin for sssd as it does not make too much sense - that's why we
> have Glibc and its /etc/nsswitch.conf!

Well, just to make one point, there are a few advantages to the winbind
backend over pure winbind:

1) SSSD caching instead of nscd
2) Support for multiple AD domains without trust
3) One-to-one mapping of identity domain to authentication domain (so
you're not exposing your password to multiple authentication domains
until you find the right one, as with traditional PAM).

Attachment: signature.asc
Description: This is a digitally signed message part

Freeipa-users mailing list

Reply via email to