LDAP or NIS ... any pref?
What else can I ask, the subject says it.
We have 10 boxes here, a VPN tunnel to our 2 racks at our ISP, and rather than ssh with keys all over, we want a single login spot. Since I have not used anything like this in the past, I figured OpenLDAP (in theory) would do it, then someone passed by saying look at NIS. Have I mentioned I haven't done either? I looked a bit, then got into the slapd.conf, which became quite a bit, so figured I would consult the best group of people out there (flattery never hurt), asking for ideas, or just some feedback. I have googled, read, etc., but a lot of the stuff on LDAP is from 2003, etc., so figured someone here would have some newer feedback. As always, thanks.
I have already tried both, and there is no easy answer (as always). Both have pros and cons you need to think about.
I started with nisplus in Solaris and after a while in Linux too. The major problem I faced with nisplus is when the NIS server crashes for any other reason not related to NIS, let's say a drive failure. Even with one or two NIS replicas, things are problematic. There are delays when one tries to log in or access an object which depends on NIS. Things become worse if the NIS replicas are rebooted. Complete lock-down! LDAP is more robust in this aspect. Even with the master database out of business, the clients can access the backup databases and even change objects/properties. The main problem with LDAP is that several services/programs do not have an LDAP interface/integration. In this case, you need to handle one or more proprietary/legacy user information databases. Single Sign-On is still a Holy Grail I am looking for, especially in a heterogeneous environment (open source/proprietary platforms).