On Tue, Feb 05, 2008 at 05:32:48PM +0200, Lars Noodén wrote:
>
> Obviously you've had no contact with AD or the cruftware it is infesting.
>

Looks like you have not had much either.

> So what standards-based authentication service would you propose besides
> LDAP+Kerberos? Hesiod? Shibboleth?
>

AD is based on standards. They use LDAP+Kerberos plus a bit of DNS to allow the Kerberos to locate the Kerberos infrastructure automatically - something that the non-Windows world sadly lacks. The database is automatically replicated with tombstoning of records - again something the non-Windows world lacks.

MS may have bastardised some parts of Kerberos and DNS to get AD working but it mostly works pretty much automatically and can scale up without requiring too much extra admin, something I have yet to see happen in the open source world.

I don't like AD but, big picture wise, it does have some attributes that would be good to adopt (attributes, not implementation). Bagging it without offering a solid alternative is just pointless rhetoric. But given the domain you appear to be posting from I guess there is already somewhat of a mindset going on anyway.

--
Brett Lymn