[Novalug] Systemd example
James Ewing Cottrell III
JECottrell3@Comcast.NET
Fri Jul 17 02:36:18 EDT 2015
On 7/8/2015 7:55 PM, Bryan J Smith wrote:
> James Ewing Cottrell III via Novalug wrote:
>> Um...SSSD does all that stuff for you, does it not?
>
> Depends on what they want to do. But yes, SSSD can handle several use
> cases of updating the keytab for a system. But it all depends on what
> principle they expect from the KDC.
As much as I hate to admit it, I expect the KDC to be AD. In general, I
deplore allowing Windows machines to run Infrastructure Services, but
now that I have experienced the Joy of giving up the Password File, I'm
not going back. Everyone runs an AD anyhow, and Every User is there.
I'll just edit /etc/security/access.conf...way easier.
> In any case ...
>
> I've given up on people using OpenLDAP Server and OpenLDAP Server
> only, for whatever reason they have.
Me too. It was Fun back in the day, but I'm Done with it too.
> They don't know or won't
> consider 389 Server, the 100% open source lineage of Netscape iPlanet
> since 2005, not even migrating to it from OpenLDAP, and having
> multi-master replication built-in.
MMR sounds good, and I may even have used iPlanet.
> (and I'm not even addressing IPA, which is what most people want, and
> does Kerberos "for free)
OK, so how much of an "Active Directory Killer" is IPA?
> But to each their own, they have their own reasons for whatever they use.
>
> -- bjs
More information about the Novalug
mailing list