Network nirvana [Re: Since Fedora is not aimed at enterpise/business ..]
Chris Ricker
kaboom at gatech.edu
Wed Oct 1 21:13:20 UTC 2003
On Wed, 1 Oct 2003, Owen Taylor wrote:
> That may be the case currently, but why does it have to be that
> way? What we are talking about is fundamentally pretty simple:
>
> - Central user database
> - Single sign-on passwords
> - Secure network exported home dirs
There's your problem. Secure distributed single sign-on protocols (like
krb5) are NOT simple. Sure, more documentation is needed (there's only one
in-print Kerberos book, and it doesn't really say a whole lot, for example)
but documentation only gets you so far.... krb is inherently more involved
to set up or trouble-shoot than, say, NIS, and that's not really changeable
given krb's architecture (and any replacement protocol will likely have to
be just as complex, given everything a secure distributed authentication
protocol has to protect against).
later,
chris
More information about the fedora-devel-list
mailing list