On 16/05/17 14:20, Stephen Gallagher wrote: >> apparently *designed* with philosophy much like that of systemd. It's >> supposed to be a unified set of tools replacing a lot of already >> existing functionality, and adding some useful features. >> Unfortunately, its unifying multiple service and multiple host >> authentication doesn't seem to have become popular: Most folks I've >> seen using Kerberos and LDAP, which sssd was designed to integrate, >> have simply ignored sssd and gone straight to the more multi-platform >> supported Samba. > > Just a reminder: anecdotes do not equal rigorous data :) > > SSSD is in extremely wide use around the world and is the preferred > LDAP/Kerberos client option in all of the major Linux distributions.
Just to backup this a bit further. Those integrating with AD, will also most likely take advantage of LDAP/Kerberos as well. Kerberos is the only authentication scheme I know of which also enables a truly working SSO solution, which tackles the full stack from localhost login to various network services. In addition, SSSD provides a possibility to cache authentication details so you can have laptops fully integrated with an LDAP/Kerberos environment, provide a centralized password policy and yet be able to do local authentication if the LDAP/Kerberos backends are unavailable. And then there is the support for OTP based authentication, which it also seems to be handled quite well regardless if you are online or not. From my perspective, SSSD solves more issues than what nscd is capable of, at least to how I've learnt to know nscd. And my experience with computers enrolled into a FreeIPA managed network have overall just been a wonderful and easy experience. -- kind regards, David Sommerseth
signature.asc
Description: OpenPGP digital signature
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
