On Sat, 2012-04-28 at 20:19 +0000, Scott Roberts wrote: > Resara Server is another option. It is a drop-in Samba4-based Active > Directory replacement and handles Kerberos. > >
Thank you for everyone's input. I'm trying to stay purely MIT-kerberos here simply for ease of configuration/integration across various platforms, and I have no need for windows services or even authorization at this point. I've come to the conclusion that the ldap backend is going to be necessary due to the use of user lockout features in the policies. With the traditional db2 backend, the last fail, last success, and failed count attributes are not replicated. This isn't immediately an issue until you try to reset those values and have no elegant way of doing it across all KDCs. ~Paul _______________________________________________ Tech mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
