[TUHS] YP / NIS / NIS+ / LDAP
grawity at gmail.com
Mon Nov 5 08:58:53 AEST 2018
On Sun, Nov 4, 2018 at 11:34 PM Grant Taylor via TUHS <tuhs at minnie.tuhs.org>
> Does anyone have any experience with YP / NIS / NIS+ / LDAP as a central
> directory on Unix?
> I'm contemplating playing with them for historical reasons.
> As such, I'm wondering what the current evolution is for a pure Unix
> environment. Read: No Active Directory. Is there a current central
> directory service for Unix (or Linux)? If so, what is it?
> I'm guessing it's LDAP combined with Kerberos, but I'm not sure.
As far as I know, LDAP is very much in use in the Linux world – via nslcd
or SSSD as clients; OpenLDAP (blech) or 389-ds as "build from scratch"
servers. There's also FreeIPA which tries to be an integrated solution.
(But even if you seek a pure Linux/Unix environment, I suspect AD is what
keeps LDAP from being replaced – because as long as there are clients for
AD, there will be clients for pure LDAP as well.)
Kerberos exists too, but somewhat less common – FreeIPA includes it by
default, but many people just piggyback on LDAP bind as password-based
authentication and use SSH keys for passwordless (because apparently
protocols other than SSH and HTTPS don't exist anymore). The MIT Kerberos 5
suite is still actively maintained and receives new features, such as
S-PAKE), whereas Heimdal appears to be on life support.
(Speaking of zombies, Linux glibc still comes with Hesiod support built
Many people's idea of a central directory nowadays appears to be "deploy an
/etc/passwd via Salt or Ansible".
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the TUHS