John Jasen wrote:
> Yves Dorfsman wrote:
>> Richard Chycoski wrote:
>>
>>> AD is solid, scalable, and well supported. There *are* some gotchas if
>>> you are looking for 100% LDAP compatibility, but for authc/authz (login,
>>> groups, etc.) nothing else performs quite as well. (I do hope that Open
>>> LDAP catches up!)
>> What is the advantage of going ldap against AD vs. using kerberos ?
>
> kerberos is authentication only. LDAP will hold all the stuff you need
> to have a functional account.
>
> At a basic level, I've explained kerberos as a networked /etc/shadow,
> and LDAP as a networked /etc/passwd.

Thanks. That makes sense.

I have used kerberos "clients" on UNIX against AD, but we were using locally defined accounts. As much as I hate AD for making it difficult to use any other vendor's DNS and LDAP servers in the same setup, *IF* somebody is using it anyway, then I think it makes a lot of sense to use it for authentication (I'm talking UNIX here). I am surprised it isn't used more...

--
Yves.
http://www.sollers.ca/

_______________________________________________
Tech mailing list
[email protected]
http://lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
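
The split discussed in this thread (Kerberos for authentication, LDAP for account data), shown as an added example that is not from any poster: an sssd.conf domain section for a UNIX host using AD for both roles. It assumes a placeholder domain example.com, a domain controller dc1.example.com, a host keytab already in place, and users that carry POSIX attributes in the directory.

```ini
# Constructed example; example.com, dc1.example.com and EXAMPLE.COM are placeholders.
[sssd]
services = nss, pam
domains = example.com

[domain/example.com]
# "Networked /etc/passwd": uid, gid, home directory, shell and groups come from LDAP.
id_provider = ldap
ldap_uri = ldap://dc1.example.com
ldap_search_base = dc=example,dc=com
ldap_schema = ad
# Bind to the directory with the host's Kerberos credentials (keytab)
# instead of storing a bind password on every client.
ldap_sasl_mech = GSSAPI

# "Networked /etc/shadow": the password check is a Kerberos exchange with the KDC.
auth_provider = krb5
krb5_server = dc1.example.com
krb5_realm = EXAMPLE.COM
# Verify the returned TGT against the host keytab so that a spoofed KDC
# cannot vouch for a login.
krb5_validate = true
```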
