Subject: Re: Centralized User and Password Management
From: Luke Mewburn <lukem@NetBSD.org>
Date: 11/24/2004 16:44:10
Content-Type: text/plain; charset=us-ascii
On Wed, Nov 24, 2004 at 12:18:43AM -0500, Chuck Swiger wrote:
| Thomas T. Thai wrote:
| >I'm curious what people are using to centralize authentication and use=
| >password, and services management. What are your thoughts on each? I'm=
| >aware of these Open Source solutions:
| >- NIS (YP) - insecure
| >- Hesiod + Kerberos
| The next two candidates would be LDAP and maybe even Apple's NetInfo.
Another possibility in the near future:
Active Directory Services from a Microsoft Windows 200x Server
It's implemented on top of LDAP + Kerberos 5.
You can use kinit to get krb5 tickets from an ADS server in NetBSD.
Once NetBSD has PAM, it will be possible to port Samba's pam_winbind
module to NetBSD for authenticating users using their ADS account
details. (We also need the nsswitch nss_winbind.so module, which
I have working privately and intend to feedback into the Samba3
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (NetBSD)
-----END PGP SIGNATURE-----