Centralized user-database: LDAP vs. KerberosV5 vs. AFS

I am trying to evaluate which is THE user database and login system.
I read many docs and tried it for myself. I ask here for your thoughts about
that. First some of mine:

LDAP: This is definitely a cool method. It's very simple and very secure due
to its high SSL encryption. And through the possibility of NSS_LDAP, virtually
every application will automatically support that, and due to the nature of LDAP
you are able to store all sorts of information about the user in the LDAP

KerberosV5: Also a somewhat simple method. Also (very) secure. Has a different
approach (its ticket system). Is fully compatible with AFS. Perhaps
compatible with other systems like Win32. But you still need a passwd file to
store special user data, right?

AFS: The old approach. Somewhat secure. Is also (no, really? :-) ) compatible
with AFS. It uses a modified Krbv4 system. It should also be very portable
across all sorts of Unixes and Win32. Needs a passwd file.

Conclusion: Out of this information I would prefer the LDAP approach, but what
if you want to use AFS as the distributed filesystem and LDAP as the
user-database? Then you need to maintain 2 user-databases, or is there a way
to get AFS working with LDAP?

You see, there are lots of points to look at! Have I missed an important other
RFC and experiences.

Raffaele Sandrini <firstname.lastname@example.org>
Annoyed about M$ Windows? Don't worry. Try Linux! (www.linux.org)