Edward Ned Harvey wrote: >>> What is the advantage of going ldap against AD vs. using kerberos ? >>> >> OpenLDAP/kerberos works swimmingly on Linux and Mac, and has >> cheap failover options; I've not gotten a non-AD LDAP/kerberos >> > > I'm currently able to use either LDAP or Kerberos on Linux, against the AD > structure. It works well, except ... If you want to do this on a laptop, > and leave the network. > > I posted this thread in another group too, and the suggestions both came up: > PADL > Or > Centrify > A third is VAS from Quest.
I haven't tried PADL lately, but it was well on its way to doing this a few years ago. You need LDAP caching turned on, whichever product you choose. Some of the products control how much of the LDAP data that you cache - typically either 'just what you've used so far' or 'everything in the directory'. The former is safer for laptops (don't carry the whole store with you out the door!), and the latter is usually more appropriate for servers (don't keep looking things up every time someone references a new item). - Richard _______________________________________________ Tech mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
