LinuxQuestions.org
Old 08-08-2002, 11:29 PM   #1
smahaffey
LQ Newbie
 
Registered: Feb 2002
Location: Texas
Distribution: RH 7.2
Posts: 3

Rep: Reputation: 0
Question Single logon


Most sizeable organizations would like a single logon, if possible. I know of three possible solutions.

NIS has long been used in the *nix world for centralizing authentication, but I'm not sure how well it does in an environment similar to a typical Windows domain, where there may be hundreds of desktop clients to authenticate logons for. Plus I don't know if there is anything that lets Windows clients authenticate through NIS.

Samba is quite capable, and works ok for me, though I've just one Windows box and two Red Hat boxes on my home network. I've heard that a *nix box running Samba can easily outperform a Windows domain controller. I believe that *nix boxes can use Samba authentication but I don't know how often it is used for this in practice.

LDAP is used a lot in large corporate networks, especially for corporate directories, including at my place of employment. I've seen a couple of articles about using LDAP authentication, but don't know if it's used for that at many places.

I'd like to hear people's thoughts and experiences here. Do you see anything that is likely to be a successful single point of authentication? Is the use of LDAP for authentication likely to become widespread? I know that Samba can be a PDC for Windows, but anybody seen it also used for *nix authentication?

One more question: As I've said, my home network has two linux machines, a workstation and a server (both RH 7.3). The server is an NIS master and the workstation also serves as an NIS slave server. The weird error that I get with NIS is that frequently when I open a terminal on my workstation I get "I have no name" for a prompt and if I do a "whoami" I get something like "I don't know who user# 500 is". Then if I su to root and restart the ypbind daemon (on the workstation) all is good again. I've checked and the daemon was not stopped, but restarting it fixes the problem. This is an intermittent problem, don't know a common theme for when it occurs. On the NIS domain master server (named galveston) if I tail /var/log/messages I see entries like this: "galveston ypserv[27003]: refused connect from 127.0.0.1:45731 to procedure ypproc_match" and like this: "galveston ypserv[27003]: refused connect from 192.168.1.102:32809 to procedure ypproc_match". The 192.168.1.102 is the client workstation's IP. The client also is an NIS slave server, so you'd think that if there was a glitch communicating to the master it'd ID my user itself. Any ideas about this?

Thoughts about any of these questions are welcome.
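
A triage sketch for the ypserv refusals quoted in the post above, added here as an example and not part of the original post or of the NIS tools: it parses the "refused connect" lines and, for each client, checks whether the source address is covered by a securenets-style allow-list and whether the request came from an unprivileged port. The syslog timestamps and the securenets content are constructed, and the hints name places to check (securenets, ypserv.conf port rules) as assumptions, not a diagnosis given anywhere in the thread.

```python
import ipaddress
import re

# Log lines quoted in the post; the syslog timestamps are constructed.
SAMPLE_LOG = """\
Aug  8 23:01:12 galveston ypserv[27003]: refused connect from 127.0.0.1:45731 to procedure ypproc_match
Aug  8 23:01:14 galveston ypserv[27003]: refused connect from 192.168.1.102:32809 to procedure ypproc_match
"""

# Constructed securenets content: "netmask network" or "host address" per line.
SAMPLE_SECURENETS = """\
# loopback and the home LAN
host 127.0.0.1
255.255.255.0 192.168.1.0
"""

REFUSED = re.compile(
    r"ypserv\[\d+\]: refused connect from (\d+\.\d+\.\d+\.\d+):(\d+) to procedure (\w+)")

def parse_securenets(text):
    """Return the networks a securenets-style file allows."""
    nets = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments and blanks
        if len(fields) == 2:
            addr = fields[1] + "/32" if fields[0] == "host" else f"{fields[1]}/{fields[0]}"
            nets.append(ipaddress.ip_network(addr, strict=False))
    return nets

def triage(log_text, securenets_text):
    """Map (client, procedure) -> (refusal count, what to check first)."""
    nets, out = parse_securenets(securenets_text), {}
    for m in REFUSED.finditer(log_text):
        ip, port, proc = m.group(1), int(m.group(2)), m.group(3)
        if not any(ipaddress.ip_address(ip) in n for n in nets):
            hint = "source not listed in securenets"
        elif port >= 1024:
            hint = "source allowed; unprivileged port, check ypserv.conf port rules"
        else:
            hint = "source allowed, privileged port; check other access rules"
        key = (ip, proc)
        out[key] = (out.get(key, (0, ""))[0] + 1, hint)
    return out

if __name__ == "__main__":
    for (ip, proc), (n, hint) in triage(SAMPLE_LOG, SAMPLE_SECURENETS).items():
        print(f"{ip} {proc} x{n}: {hint}")
```
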
 
Old 08-08-2002, 11:45 PM   #2
DavidPhillips
LQ Guru
 
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,163

Rep: Reputation: 58
LDAP looks like the way to go to me.
 
Old 08-09-2002, 06:16 AM   #3
smahaffey
LQ Newbie
 
Registered: Feb 2002
Location: Texas
Distribution: RH 7.2
Posts: 3

Original Poster
Rep: Reputation: 0
LDAP

does seem to be a big thing now. NIS seems to have stagnated. The Samba developers have made some impressive achievements, seems like maybe a better long term bet than NIS if it brings some of the Active Directory functionality to *nix.

David, have you used LDAP for authentication or seen any good introductory articles on that subject? One article that I saw seemed pretty interesting, but the complexity was probably greater than that for compiling and installing your own Gnome or KDE desktop. I don't mind the old configure, make, make install routine, but don't really want to tackle a 3 month bleeding edge project.
 
Old 08-09-2002, 01:51 PM   #4
DavidPhillips
LQ Guru
 
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,163

Rep: Reputation: 58
We are using LDAP at work for everything except dialup access.

They should have had the dialup access on LDAP by now but they had some delays setting it up.

We have over 30,000 dialup accounts.
 
Old 08-09-2002, 11:48 PM   #5
smahaffey
LQ Newbie
 
Registered: Feb 2002
Location: Texas
Distribution: RH 7.2
Posts: 3

Original Poster
Rep: Reputation: 0
30,000-WOW!

That's a bunch. I'd heard that LDAP scales really well.

Guess I ought to try loading OpenLDAP and play with it some.
 
  

