LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (http://www.linuxquestions.org/questions/linux-server-73/)
-   -   Which directory service to choose for authentication (http://www.linuxquestions.org/questions/linux-server-73/which-directory-service-to-choose-for-authentication-4175446622/)

vahab 01-21-2013 12:29 PM

Which directory service to choose for authentication
 
Hi,

In my workplace we have around 200 Redhat linux and Solaris servers and I want to implement a directory service for authentication of users on the servers. It must be free and have features like limiting a user to logon only on some of the servers not all of them (A feature that OpenLDAP does not have by default - as far as I know).

I would appreciate if you could help me to find an appropriate software.

netnix99 01-21-2013 02:05 PM

vahab,

You can use NIS or NIS+ for authentication and within them, you can use netgroups to limit authentication to servers to a particular group or groups. They both work well with LInux and Solaris (I must admit, I am only using SOlaris 9 and 10, so I cannot speak to how well it works with Solaris 8 or older versions). It is also reasonbly easy to set up if you are familiar with Unix/Linux administration....and they are both Free/OpenSource.

The ypserv (NIS Server) and ypbind(NIS Client) packages are part of RHEL operating systems. I personally run the NIS Server on RHEL.

HTH

vahab 01-22-2013 04:54 AM

Hi,

Don't you think NIS/NIS+ is a little too old to be used ?

netnix99 01-22-2013 07:46 AM

NIS/NIS+ has definitely been around a while, but one thing about it, it's stable. It works well and it is easy to maintain. Like anything else, it all depends on your environment and your security requirements. In my environment, there are many other layers of security in place, so NIS provides a simple, low maintanence, name service to provide and control access to data and servers. I have looked into using LDAP on a few different occassions, but based on my environment and my needs, it doesn't bring enough to the table to justify the work required to transition. Maybe in the future...but not right now.


All times are GMT -5. The time now is 12:51 PM.