toni.heinonen at gmail.com
Tue Oct 31 16:10:13 GMT 2006
On 10/31/06, Jerry Haltom <wasabi at larvalstage.net> wrote:
> > Actually, you want to use pam_winbindd, and have winbindd handle the
> > ticket management.
> I'm all for using Winbind, but I have to question the long term
> feasibility of doing so. Yes, our first goal is AD... because that can
> get us market share. But it's not our last goal.
Good ideas all and all, but why are we keen on building a
Kerberos/LDAP -solution that wouldn't be compatible with winbind on
the client side, as well as Windows workstations?
And on the NSS side, Winbind's solution is ready, mature and quite
featureful, whereas getting an LDAP NSS module to do the work would
require way too much to get it to even edgy+2, if this project doesn't
get big boost from Canonical.
And on the PAM side, the new winbind PAM module knows how to do
credential caching, so that again would simplify the implementation
Because of some of these reasons, SuSE, which I believe is the distro
furthest on this road, chose winbind. Naturally they didn't want to
lock in, but that's why they have an easy and simple configuration
tool to set the authentication up to your environment. (We need this
anyway, so why shouldn't winbind be one of the options it provides?
Why do we have to use "clean LDAP/Krb"?)
And finally, if you're fixated on getting a simple and static
PAM/NSS-solution, you'll probably have to start creating proxy
PAM/NSS-modules, which doesn't quite make sense considering you're
solving the problem that PAM/NSS was supposed to solve. That's why PAM
and NSS are modular: so you can have multiple modules that implement
http://tonih.iki.fi/ ~ http://blogit.helsinki.fi/toni.heinonen/
"The progress of a dynamic civilization depends on the special people
who make play out of work. In their all-absorbing passion, they create
the variations that, through trial and error, become the sources of
progress. They make the discoveries that drive the infinite series."
- Virginia Postrel
More information about the Ubuntu-directory