I used NIS for a long time, but NIS is simply outdated. It is not flexible and not secure. So I searched for alternatives. It is always good to inspect how other systems solve a problem to learn the benefits and the drawbacks of these solutions. So I had a closer look at Microsoft's Active Directory (AD) and Novell's eDirectory. Both consist of an LDAP server for holding data like usernames, user environment, permissions and so on. AD uses Kerberos to authenticate users, and I think Novell's eDirectory works the same way (does anyone know?). So I tried to figure out if this combination is a good idea in a Linux environment:
- Kerberos is much more secure than NIS. It is a scalable, distributed, highly available and very flexible authentication protocol.
- With OpenLDAP there is a very good open source LDAP server we can use. LDAP itself is also a very flexible protocol.
- Possible interoperability with other environments. This is the first time Microsoft tries to use standard protocols! So why not honour it and create interoperability?
- Kerberos and LDAP are not easy to understand. The whole environment is (at the moment) not easy to set up.