
Re: linux AD/NDS replacement (was Re: New M$ Storage OS)



On Thu, 11 Sep 2003 fiaid@quasi-sane.com wrote:

> > NIS/NIS+ (both client and server) is also available for Linux.  Certainly 
> > not an ideal authentication method, but useable.
> 
> you would be better to pour molten lead in your eyesockets after gouging 
> out your eyes with rusty spoons than use NIS.  use the PAM redirection for 
> LDAP and point your LDAP auth at your AD servers if you are running AD.  
> If you are looking for a nonwindows solution, then LDAP is wonderful.  
> Just for the love of god don't use NIS.

I agree, NIS is bad evil stuff.  

Now, the question is, LDAP.  Any way to prevent root logins from hitting 
the LDAP server?  In particular, to keep a hashed root pass from hitting the 
LDAP server?

One of our concerns is that a mailing list such as mailman has a user 
named mailman (how original).  We've found that every time an email is sent 
out an LDAP query is performed, despite the fact that "mailman" exists 
locally.  Is it possible to keep LDAP queries, at least for passwds, from 
happening on UIDs below a certain number?  We understand that there will 
need to be or will be some interaction with the LDAP server on certain 
levels.  It just seems like a mighty big performance hit for queries such 
as the mailman one to occur (for both the mail server and the LDAP 
server).

Sean...

--
Believing I had supernatural powers, I slammed into a brick wall.
	--Paul Simon
_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
KG4NRC  http://www.rimboy.com  Your source for the crap you know you need.

