[Gllug] Linux-only companies
JLMS
jjllmmss at googlemail.com
Thu Sep 15 14:49:27 UTC 2011
On 26 August 2011 08:34, Richard W.M. Jones <rich at annexia.org> wrote:
> On Fri, Aug 26, 2011 at 12:07:26AM +0200, Gerardo Fernandez wrote:
>> I know how Windows companies work. A domain and user accounts, so
>> employees can use different computers and still access their folders,
>> use printers, etc. Group policies also come handy in many cases.
>>
>> But how do Linux-only companies go about it? Do they try to set up a
>> similar environment using Samba, ldap, NFS, etc. or do they use a
>> completely different approach?
>
> Young 'uns ...
>
> Windows didn't invent directories. Unix had NIS and NFS since 1985
> (although NIS was called "Yellow Pages" at that time), before Windows
> was even written. Kerberos, part of the MIT Athena project, dates
> from roughly the same period.
>
> NIS/NIS+ (with or without NFS) is one approach that can still be used
> today. KRB5 can also be used on its own. But you might want to look at:
>
> http://freeipa.org/
>
> Rich.
>
Not NIS, it does not incorporate encryption out of the box and access
to data in the NIS tables is rather lose.
NIS+ has much better control of security and segregation of
administration duties (a normal user can modify NIS+ objects if the
correct permissions are granted) but the encryption strength is no
longer considered safe in certain environments (banking and I suppose
defence).
The last solution I have seen in Production used a set of kerberos
servers for authentication of users and then LDAP as the name
directory (Windows and UNIX/Linux were kept apart, it had happened in
the past that services entrusted to Windows machines were brought down
by a virus infection, so it was decided that the machines actually
earning the company's living should not rely on Windows servers at
all).
There are commercial products that claim to unify authentication
and/or name services but I have not used any of them....
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list