[Novalug] Systemd example

James Ewing Cottrell III JECottrell3@Comcast.NET
Fri Jul 17 02:36:18 EDT 2015


On 7/8/2015 7:55 PM, Bryan J Smith wrote:
> James Ewing Cottrell III via Novalug wrote:
>> Um...SSSD does all that stuff for you, does it not?
>
> Depends on what they want to do.  But yes, SSSD can handle several use
> cases of updating the keytab for a system.  But it all depends on what
> principle they expect from the KDC.

As much as I hate to admit it, I expect the KDC to be AD. In general, I 
deplore allowing Windows machines to run Infrastructure Services, but 
now that I have experienced the Joy of giving up the Password File, I'm 
not going back. Everyone runs an AD anyhow, and Every User is there.

I'll just edit /etc/security/access.conf...way easier.

> In any case ...
>
> I've given up on people using OpenLDAP Server and OpenLDAP Server
> only, for whatever reason they have.

Me too. It was Fun back in the day, but I'm Done with it too.

> They don't know or won't
> consider 389 Server, the 100% open source lineage of Netscape iPlanet
> since 2005, not even migrating to it from OpenLDAP, and having
> multi-master replication built-in.

MMR sounds good, and I may even have used iPlanet.

> (and I'm not even addressing IPA, which is what most people want, and
> does Kerberos "for free)

OK, so how much of an "Active Directory Killer" is IPA?

> But to each their own, they have their own reasons for whatever they use.
>
> -- bjs




More information about the Novalug mailing list