[ale] Enterprise Authentication

James P. Kinney III jkinney at localnetsolutions.com
Mon Jul 19 07:43:01 EDT 2004


On Sun, 2004-07-18 at 23:10, Jeff Hubbs wrote:
> What's the thing to use for managing user authentication in mixed
> Windows/UNIX/Linux environments these days?
> 
> I'm familiar with:
>   
>   LDAP

Ick. Good for shared address books.

>   Kerberos (isn't MS' implementation broken?  What are the issues?)

M$ did their "embrace and extend" routine and put all of the "real"
tokens in a separate field not yet designated for use. The Samba crowd,
of course, reverse engineered it. See about halfway down this page:
http://lists.samba.org/archive/samba/2003-October/075779.html

>   MS Active Directory (is that MS-only?  if not, too risky to use?)

AD is the biggest load of horse crap! As soon as it gets in the door,
things get ugly. Not only _must_ you have multiple auth servers, but
they pretty much MUST not do anything else but sit there waiting for the
main server to fall over. The process of keeping things in sync seems to
consume all their horsepower and bandwidth (it _is_ a M$ machine!). Yes,
AD makes user management easy (Until someone is fired and their data is
culled from the main machine just before it falls over prior to a sync
and the user logs in updating the records on a backup AD server. Now
when the main server comes back online, it will resync with the backup
and replace the missing user setup. It's just like getting the old job
back :)

>   Some Sort of Novell Product
>   Some Sort of [probably abandoned] Banyan product
> 
> Whatcha think? 

Samba3 with domain authentication and netlogon home directories and
Kerberos and NIS/NFS4 for the Unix bunch.

Better yet, make all the M$ clients use sneaker net communications to cut
down the virii spread. :)

> 
> - Jeff
> 
-- 
James P. Kinney III          \Changing the mobile computing world/
CEO & Director of Engineering \          one Linux user         /
Local Net Solutions,LLC        \           at a time.          /
770-493-8244                    \.___________________________./
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7