Centralized user-database: LDAP vs. KerberosV5 vs. AFS
Hi
I am trying to evaluate which is THE user database and login system.
I read many docs and tried it for myself. I ask here for your thoughts about
that. First some of mine:
LDAP: This is definitely a cool method. It's very simple and very secure due
to its high SSL encryption. And through the possibility of NSS_LDAP virtually
every application will automatically support that, and due to the nature of LDAP
you are able to store all sorts of information about the user in the LDAP
tree.
KerberosV5: Also a somewhat simple method. Also (very) secure. Has a different
approach (its ticket system). Is fully compatible with AFS. Perhaps
compatible with other systems like Win32. But you still need a passwd file to
store special user data, right?
AFS: The old approach. Somewhat secure. Is also (no, really? :-) ) compatible
with AFS. It uses a modified Krbv4 system. It should also be very portable
across all sorts of Unixes and Win32. Needs a passwd file.
Conclusion: Out of this information I would prefer the LDAP approach, but what
if you want to use AFS as distributed filesystem and LDAP as
user-database? Then you need to maintain 2 user-databases, or is there a way
to get AFS working with LDAP?
You see, there are lots of points to look at! Have I missed an important other
approach?
RFC and experiences.
cheers,
Raffaele
--
Raffaele Sandrini <rasa@gmx.ch>
Annoyed about M$ Windows? Don't worry. Try Linux! (www.linux.org)