On Fri, 2006-06-16 at 15:00 -0300, Fernando Lozano wrote: > I don't know if this would be the optimum set of exams. An Samba admin > would care a lot about winbind and dyndns, while a linux-only admin > would not care at all for those.
Huh? To me, authentication and naming services for UNIX/Linux and Windows clients are _inter-related_. The same mechanisms I use for NFS or SMB or AFS for that matter are the _same_ in an _enterprise_ environment. > But a prerequisite exam about nss and pam and other stuff would be nice. So why don't they go into the "base" LPI 301 exam that covers authentication, directory and naming services that _all_ others rely on? > But i'd put ldap,nis and nfs separate from Samba, And I'd put select Samba portions, including services such as winbindd and nmbd as well as the Samba LDAP schema, in the authentication, directory and naming exam as well. You just "draw the line" where each set of objectives cross from auth/dir/name into file/print to separate the two focuses of the two exams. > so candidates could choose a samba-track or a linux-only > track (or maybe both). So what about that "both" option? And I'm sorry, that "both" option is _very_real_ in the Enterprise. How are you going to address files shared out both NFS and SMB? Do you now add some of those questions to each exam? > About security, I don't see it as a standalone exam. I see lots of > security knoledge that are pre-requisite to samba and nfs/ldap/etc, and > other that are very specific to each track. Of course there's also > advanced security knowledge that would justify a third exam but does not > have prerequisites on samba or nfs/nis/ldap at all. Security is _always_ a part of _all_ exams. Authentication is one of the 7 domains of the SSCP. Access Controls is also one of the 7 domains of the SSCP. Data Communication is yet another one of the 7 domains of the SSCP. Just these first 3 are going to be addressed in _many_ exams. We can't and shouldn't avoid them. However, we can_not_ address _all_ concepts in _all_ exams. So that's where a dedicated "Security" exam would augment, including: - Access Controls like MAC, RBAC, etc... beyond standard DAC - Auditing and Monitoring like Log Analysis, Snort, etc... - Cryptography like key/cert management, etc... beyond standard setup - Etc... If we start looking at MAC and RBAC for the auth/dir/name exam, we'll get off-focus with just SELinux. But a dedicated security exam good look much closer at it. Same deal with log analysis, snort, etc... Especially when these concepts touch many things, collectively. The whole idea for my suggestion on the exams is to keep us from re-addressing the same concepts over and over in different exams. If we make a Samba-only exam, we're going right down that road. I'm sorry, but I've fixed way too many UNIX/Linux networks because someone assumed Samba was the "be all / do all" tool. Enterprise UNIX/Linux networks do _not_ use Samba as their core -- they use Samba _only_ for Windows client integration. To address _real_ interoperability, you have to have a _real_ authentication, directory and naming implementation on your network. Samba can be a piece of that, but it is _not_ it on its own. And that's why people make all sorts of assumptions of what UNIX/Linux is and isn't capable of, or what ADS does but does _not_ actually do. -- Bryan J. Smith Professional, technical annoyance mailto:[EMAIL PROTECTED] http://thebs413.blogspot.com ---------------------------------------------------------- The existence of Linux has far more to do with the breakup of AT&T's monopoly than anything Microsoft has ever done. _______________________________________________ lpi-examdev mailing list [email protected] http://list.lpi.org/mailman/listinfo/lpi-examdev
