[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: unwanted loading of libnss_nis.so in etch

On Fri, Feb 16, 2007 at 11:54:59AM +0100, Petter Reinholdtsen wrote:

> If only LDAP had client side server failover like NIS.

In theory, it has, you can specify multiple server URIs in the config
file. In practice the OpenLDAP client libraries do not handle failover
very well (at least not in the past, things may have changed).

> It would make
> it easier to switch to LDAP for us.  We would still need the compat
> mechanism to control machine access.

Using the compat module for authorization decisions is a gross hack.
With NIS you don't have much choice but with a well-designed LDAP setup
you can nicely decouple the authorization decisions from user
identification.

Gabor

-- 
     ---------------------------------------------------------
     MTA SZTAKI Computer and Automation Research Institute
                Hungarian Academy of Sciences
     ---------------------------------------------------------
Reply to: