Showing messages 1 through 4 of 4.
ldap is not an authentication system
2005-08-31 19:01:03
derekmorr
People, please stop the insanity. Just b/c you can do an authenticated bind to it doesn't make it a good authentication system. Hell, you might as well use SMTP for login!
ldap is not an authentication system
2005-09-07 11:38:20
tim1724
so what's better?
Flat files aren't scalable. Synchronizing them sucks. For several years we've used a Perl script that rebuilt /etc/{passwd,shadow,group} from data in a MySQL database. But installing it on new systems sucked, as it was a lot of work. And it was a real pain to make it work on FreeBSD, which made you jump through hoops whenever /etc/passwd was updated. We've moved to LDAP because every system these days has it built in and adding clients is trivial.
NIS sucks (no security). NIS+ sucks (broken security, easy to hack, and not present on most systems). NetInfo sucks (no security, not present on most systems).
Kerberos is sort of cool. In theory. In real life it just doesn't work. It's too much work to set up, and the users can't figure it out, and most programs don't know about it and can't use it.
LDAP was a royal pain to set up, but now that I have it up and running it works great. And adding new machines is trivial. (Except on Solaris, which doesn't want to talk to OpenLDAP. But it's not too hard to replace Sun's LDAP client with OpenLDAP, and it's not like I'll ever be getting any new Solaris boxes anyway. We're moving to a combination of Linux/FreeBSD/Darwin.)
ldap is not an authentication system
2005-09-25 10:22:59
derekmorr
How is Kerberos hard to set up? I can set up a KDC in about 10 minutes.
What is there for users to figure out? If you set up kerberized login, users will get tickets at login. And many apps (email, ssh, web browsers, etc.) support Kerberos already.
ldap is not an authentication system
2005-09-11 12:44:33
jfenal@free.fr
You just need a small patch to allow Solaris to access OpenLDAP directories.
See there: http://www.openldap.org/lists/openldap-software/200009/msg00210.html
What password change process do you use on your Linux systems?