Motivation


I used NIS for a long time, but NIS is simply outdated. It is not flexible and not secure. So I searched for alternatives. It is always good to inspect how other systems solve a problem to learn the benefits and the drawbacks of these solutions. So I had a closer look at Microsoft's Active Directory (AD) and Novell's eDirectory. Both consist of an LDAP server for holding data like usernames, user environment, permissions and so on. AD uses Kerberos to authenticate users, and I think Novell's eDirectory works the same way (does anyone know?). So I tried to figure out if this combination is a good idea in a Linux environment:

Pro:
  • Kerberos is much more secure than NIS. It is a scalable, distributed, highly available and very flexible authentication protocol.
  • With OpenLDAP there is a very good open source LDAP server we can use. LDAP itself is also a very flexible protocol.
  • Possible interoperability with other environments. This is the first time Microsoft tries to use standard protocols! So why not honour it and create interoperability?

Con:
  • Kerberos and LDAP are not easy to understand. The whole environment is (at the moment) not easy to set up.