On Sun, Nov 4, 2018 at 11:34 PM Grant Taylor via TUHS <tuhs(a)minnie.tuhs.org> wrote:
> Does anyone have any experience with YP / NIS / NIS+ / LDAP as a central
> directory on Unix?
> I'm contemplating playing with them for historical reasons.
> As such, I'm wondering what the current evolution is for a pure Unix
> environment. Read: No Active Directory. Is there a current central
> directory service for Unix (or Linux)? If so, what is it?
> I'm guessing it's LDAP combined with Kerberos, but I'm not sure.
As far as I know, LDAP is very much in use in the Linux world – via nslcd
or SSSD as clients; OpenLDAP (blech) or 389-ds as "build from scratch"
servers. There's also FreeIPA which tries to be an integrated solution.
(But even if you seek a pure Linux/Unix environment, I suspect AD is what
keeps LDAP from being replaced – because as long as there are clients for
AD, there will be clients for pure LDAP as well.)
Kerberos exists too, but is somewhat less common – FreeIPA includes it by
default, but many people just piggyback on LDAP bind as password-based
authentication and use SSH keys for passwordless (because apparently
protocols other than SSH and HTTPS don't exist anymore). The MIT Kerberos 5
suite is still actively maintained and receives new features, such as
SPAKE, whereas Heimdal appears to be on life support.
(Speaking of zombies, Linux glibc still comes with Hesiod support built
in...)
Many people's idea of a central directory nowadays appears to be "deploy an
/etc/passwd via Salt or Ansible".
--
Mantas Mikulėnas