From owner-freebsd-questions@FreeBSD.ORG Sun Dec 14 10:59:06 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 677C610656A5 for ; Sun, 14 Dec 2008 10:59:06 +0000 (UTC) (envelope-from outbackdingo@gmail.com) Received: from rv-out-0506.google.com (rv-out-0506.google.com [209.85.198.224]) by mx1.freebsd.org (Postfix) with ESMTP id 390468FC23 for ; Sun, 14 Dec 2008 10:59:06 +0000 (UTC) (envelope-from outbackdingo@gmail.com) Received: by rv-out-0506.google.com with SMTP id b25so2256211rvf.43 for ; Sun, 14 Dec 2008 02:59:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:cc:in-reply-to:mime-version:content-type:references; bh=0yZOF6iUQq/Mc9+HdpZre5/lQFfL7G2nsmkCL2XASQ4=; b=DSkpncgpxbcl5H/Oo9Cd4yOTccHKPPO+knf0Z1E96LQuOfYUwFhiydFBTNmIl6oxHU 4EPufYorkhM05vaYwJJ4PcWKwIvLN5Nc2j53hnyYm2ZDDc1pBiXCG1MqAXgw9/N04hHt uha4PpE8iz8/wOuJqK5IOLxZjUog+w0FkZaaQ= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version :content-type:references; b=dlolQ0g0AQHkQZHNDO342c3fJY5esuzCae9rer5JEdk5TqakPrggfHw0Cc4dCqs4x1 YzJKPeCRJ5pmFHqjft7iIWfmUdTi6PgmpsY+QDyMzLJzHjlpsGF6EhXOV4lKjncQMYZC 28Sakm5Dr4ZRWuCfxvpqXkZUSReHdpO3VtKV0= Received: by 10.141.89.13 with SMTP id r13mr3018920rvl.76.1229252346159; Sun, 14 Dec 2008 02:59:06 -0800 (PST) Received: by 10.140.170.14 with HTTP; Sun, 14 Dec 2008 02:59:06 -0800 (PST) Message-ID: <5635aa0d0812140259y18712a55xb6efbb69fa48f86@mail.gmail.com> Date: Sun, 14 Dec 2008 17:59:06 +0700 From: "Outback Dingo" To: "Da Rock" In-Reply-To: <1229231755.18610.102.camel@laptop2.herveybayaustralia.com.au> MIME-Version: 1.0 References: <20081213090822.GA97581@lpthe.jussieu.fr> <1229231755.18610.102.camel@laptop2.herveybayaustralia.com.au> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-questions@freebsd.org Subject: Re: Centralized DB of "system" users X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Dec 2008 10:59:06 -0000 > Wouldn't kerberos be a better alternative? One server (maybe a > replicated backup), and all services authenticate with that. Saves > shadow on the wire... > I think the ulitimate question is going to be at what level of pain does the person wish to suffer to achieve his goals there are numerous ways to do it, though some can be painful, if not experienced. I struggle to get my brain around an environment with mulitple OSes in it, where i would lean towards the LDAP method, though you raise a valid point where kerberos could fit nicely, though Im not sure we are aware of the long term goals or the project where one might be adding in other types of Operating Systems. Then we have the discussion of interoperability. If it stays as in his game plan and doesnt encounter scope creep (not like it doesnt happen) at some time, he might wish to choose the best overall design to implement, again my vote would be LDAP. it is the most globally scaable, relocable and interoperable once its deployed allowing for future growth without a serious amount of pain.