Mantas Mikulėnas grawity at gmail.com
Mon Nov 5 08:58:53 AEST 2018

On Sun, Nov 4, 2018 at 11:34 PM Grant Taylor via TUHS <tuhs at minnie.tuhs.org>

> Does anyone have any experience with YP / NIS / NIS+ / LDAP as a central
> directory on Unix?
> I'm contemplating playing with them for historical reasons.
> As such, I'm wondering what the current evolution is for a pure Unix
> environment.  Read:  No Active Directory.  Is there a current central
> directory service for Unix (or Linux)?  If so, what is it?
> I'm guessing it's LDAP combined with Kerberos, but I'm not sure.

As far as I know, LDAP is very much in use in the Linux world – via nslcd
or SSSD as clients; OpenLDAP (blech) or 389-ds as "build from scratch"
servers. There's also FreeIPA which tries to be an integrated solution.
(But even if you seek a pure Linux/Unix environment, I suspect AD is what
keeps LDAP from being replaced – because as long as there are clients for
AD, there will be clients for pure LDAP as well.)

Kerberos exists too, but somewhat less common – FreeIPA includes it by
default, but many people just piggyback on LDAP bind as password-based
authentication and use SSH keys for passwordless (because apparently
protocols other than SSH and HTTPS don't exist anymore). The MIT Kerberos 5
suite is still actively maintained and receives new features, such as
S-PAKE), whereas Heimdal appears to be on life support.

(Speaking of zombies, Linux glibc still comes with Hesiod support built

Many people's idea of a central directory nowadays appears to be "deploy an
/etc/passwd via Salt or Ansible".

Mantas Mikulėnas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://minnie.tuhs.org/pipermail/tuhs/attachments/20181105/46bd8f7d/attachment.html>

More information about the TUHS mailing list