On Sun, 2 Jan 2000, Siddhartha Jain wrote:
> Could someone enlighten me about terms like NDS and Active Directory and
> directory services? Does NT have a DNS server ?
DNS: the Internet Domain Name Service. Primarily used for mapping
between Internet host names and addresses. There are a few other host
attributes that may also be provided, including mapping to a
"canonical" name, redirecting mail to another host, operating system type
and version, well-known services provided, etc. but only the first two are
widely used. Project Athena extended the DNS mechanism to provide more
information, under the name Hesiod, but I've told you at least as much as
I know about it. Anything that wants to be taken seriously on the
Internet has this in some form. NT Server includes a DNS server but I've
never used it, nor wanted to.
NDS: Novell Directory Services. Integral to a Novell Netware 4 or
Netware 5 installation. This is based on the X.500 directory service
standards, though it is accessed through a proprietary interface. Hosts
can be defined in NDS, and I suppose someone must have done so, but I've
never seen it done or wanted to do it since Netware servers are located by
other means. NDS primarily stores an extensive set of attributes of
Netware users, user groups, print services, and stuff like that. Novell
would like to see us all use it for everything you can imagine, and has
designed it to be customer-extensible. In addition to the proprietary
interface there is now an LDAP adapter -- it was a free add-on to Netware
4 and I think it is bundled with Netware 5. There are non-Netware
implementations of the NDS client code.
Active Directory: Microsoft's interpretation of the same sort of ideas
embodied in NDS, only much less mature -- a FRS release is currently due
in February 2000. Again, based on X.500, and will probably be used for
the same sort of stuff as NDS is once rollout is complete. I haven't
studied it extensively but it looks like part of it is an overlay on the
ancient LAN Manager domain scheme.
NDS uses X.509 certificates for authentication and AD uses Kerberos, so
interoperation will probably be tricky.
(In addition to wanting to answer the question, I'm exposing my ignorance
of some of these issues in the hope that more knowledgable others will
correct me. I find that's sometimes the quickest way to learn.)
--
Mark H. Wood, radical centrist OpenPGP ID 876A8B75 [EMAIL PROTECTED]
01/01/00 00:00:00 -- Apocralypse Now
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
