On Sun, 4 Nov 2018, Grant Taylor via TUHS wrote:
Does anyone have any experience with YP / NIS / NIS+ /
LDAP as a central
directory on Unix?
I used NIS a lot in the 90s and early 2000s. I think it continues to be
underrated. The main gripe people had was lack of security but if all of
the hosts were in the same security domain anyway it wouldn't matter.
Integrated very well with NFS on Solaris & Linux for me back in the day.
NIS+ is awful. Let us not speak of it again.
I did a lot of LDAP around 2007-2010. I got quite good at writing
filters as we were using for a lot more than juse user auth.
Most installations I'm seeing today auth to AD, which is of course now
supported.
I'm contemplating playing with them for
historical reasons.
As such, I'm wondering what the current evolution is for a pure Unix
environment. Read: No Active Directory. Is there a current central
directory service for Unix (or Linux)? If so, what is it?
In my experience LDAP is preferred in a pure *nix environment these days.
I've never played much with Kerberos.
There is another option that is largely ignored...
Increasingly *nix systems are managed through orchestration tools like
Puppet or Ansible. One option is to build the user account details from
an AD or LDAP backend on the orchestration server and write it out
locally on the *nix boxes. The *nix boxes just auth locally but still
gain the benefit of dynamically managed users. There are advantages and
disavantages of this outside the scope of this list.
Cheers,
Rob