On Wednesday, 02/16/2011 at 04:53 EST, Marcy Cortes <marcy.d.cor...@wellsfargo.com> wrote:
> Why is it a cool thing to do? Doesn't it make more sense to use whatever every > other Linux/unix box in your shop is using? All those other people may get > cranky if you make them get a CMS id to login to Linux or to use a web app. > > Unless you have no Linux or Unix in your shop and only CMS and no other > centralized directory... Yeah, it's not about kewlness. It's most useful for those installations whose Linux admins are also z/OS or z/VM admins. While you can use the VM or MVS LDAP server to centralize authentication, you could also just use another Linux guest. And some like the fact that the LDAP server on VM and MVS is not the same implementation as on Linux (openLDAP). So a vuln in Linux does not imply a vuln in VM or MVS. In this scenario it isn't necessary to give them a virtual machine; it's only necessary to have credentials in the ESM or LDAP. But you have to do more work in your provisioning system to ensure you don't unintentionally create a virtual machine that matches the user name. But watch out. SFS allows you to enroll users that don't have a virtual machine. You can authenticate via FTP even if you don't have a virtual machine. Extra work is required to lock such remote-only users out of your VM or MVS resources. It's also fair to ask why you would have an inboard directory server in the first place. I see it in some DR/failover-sensitive configurations that want to be able to operate without having to drag the corporate AD/LDAP infrastructure with it. The same reason people still use virtual routers on their Guest LANs with dynamic routing -- all self-contained. Alan Altmark z/VM and Linux on System z Consultant IBM System Lab Services and Training ibm.com/systems/services/labservices office: 607.429.3323 alan_altm...@us.ibm.com IBM Endicott ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/