NIS/LDAP Gateway


Been looking some more into the user administration issues I face when maintaining a few hunderd Linux servers for various people, customers and developers...
Centrify seems to have a nice product that allows me to authenticate Linux users against an (existing) MS Active Directory Server (AD). While that is nice, it is not enough. Granted, their DirectControl family of products covers a lot and is nice, what I miss is the ability to control which user can issue what commands on a Linux/Unix level. That is, DirectControl does not seem to link into the su/sudo/sudoers facilities of Linux.

NIS is a common way to centralize Linux user management on a network and control access to servers, do password management and so on. However, I thought NIS was largely incompatible with more common, cross-platform directory solutions such as LDAP. Even MS AD can talk LDAP! ;) So I was more than happy to discover that PADL provides free toosl to help migrate from flat access files (passwd, NIS, etc.) to LDAP. Even better for enterprise style clients, they also have a commercial NIS/LDAP Gateway. Cool!

I love LDAP. It scales, is cross-platform, has easy tools (win/linux) and is well known and proven. But it only does authentication, not authorization. NIS is great in that it integrates with Linux and adheres to su/sudo/sudoers...

No comments: