On 7 January 2015 at 14:54, Konstantin Olchanski <olcha...@triumf.ca> wrote:
> Yes, thank you for the references to the Red Hat identity management > system. > > Of course it is based on LDAP, but also it requires use of Kerberos > (which we do not have fun with in the AFS/Kerberos environement at CERN), > and "recommended practice" is to have it take over the DNS and NTP > services. > > To me this looks like software designed to manage central IT at IBM > (complete with a full staff of professional sysadmins). > > Too heavy weight (in the number of software components and > in the number of books to read) for running small clusters of 5-10 > machines managed > by non-dedicated non-sysadmin non-IT people. > > Hehe. I remember when 20 years ago people would say the exact same thing about ypbind over some sort of script set which copied everything with root rcp. Those then got replaced by people who had used ypbind somewhere and were comfortable on it. My main concern is that most places I have seen that kept with ypbind get replaced with Active Directory (which FreeIPA is really trying to give an answer for). But in the end, it is your shop and you will do it however it is needed :). -- Stephen J Smoogen.