Hi! The industry has an interest on providing short-lived product cycles, but in an enterprise environment five to 10 years are not uncommon. Also "new" products are usually full of new bugs, and it's not clear whether they are actually better than what had proved stable over many years. There are even rumors that people using vi are still alive 😉 SSSD has advantages when you are aiming towards MS-Windows IMHO, but (for example) the resource footprint is much larger than that of the old PAM or services method.
Currently we still need those for a few systems that aren't upgraded yet. Kind regards, Ulrich Windl > -----Original Message----- > From: OndÅ™ej KuznÃk <[email protected]> > Sent: Tuesday, May 6, 2025 2:52 PM > To: Windl, Ulrich <[email protected]> > Cc: Stefan Kania <[email protected]>; openldap- > [email protected] > Subject: [EXT] Re: Re: Re: changing password with otp active > > On Tue, May 06, 2025 at 12:11:34PM +0000, Windl, Ulrich wrote: > > that's correct for modern systems, but older systems may deal with the > > shadow attributes only. > > SSSD et al.[0] have existed for well over a decade. Are there > supportable systems that you can connect to an LDAP directory > but can't use one of these tools on? > > [0]. And even nslcd can interact with ppolicy. > > -- > OndÅ™ej KuznÃk > Senior Software Engineer > Symas Corporation http://www.symas.com > Packaged, certified, and supported LDAP solutions powered by OpenLDAP
