linux registry (no, not that again!)

Steve Brenneis sbrenneis at surry.net
Wed Jul 28 09:47:46 UTC 2004


Without detouring off-topic too far, in certain situations, LDAP
configuration allows for consistency that may be critical. For instance,
in some parallel and clustered systems that share resources like file
systems, memory, and even process space, identical configuration of
users, groups, and other details is essential.

So, for instance, if you are the SA running a 30-node cluster, and you
have to deal with a local registry, you now have to duplicate everything
you do across 30 nodes. Whereas, with LDAP configuration, you perform
the action once. Fewer chances to get it wrong, fewer chances to do
injury to critical enterprise components. Yes, this gives you a single
point of failure, but if this becomes difficult, then you simply run
slurpd on a backup system and, in the event of a failure, you need only
change one config file on all your systems and you are back up and
running again.

That's just one example. I'm sure there are more.

On Wed, 2004-07-28 at 04:06, Felipe Alfaro Solana wrote:
> On Tue, 2004-07-27 at 19:24 -0400, Steve Brenneis wrote:
> > Someone will eventually have to answer the question of why this is
> > better than using LDAP, PAM, and/or kerberos. Those are all open
> > standards and well known by a large population of *nix SAs.
> 
> I still don't see the point of either using Linux Registry or LDAP over
> plain-text configuration files. LDAP is a network service, and thus, has
> its inherent problems: keeping local configuration on the network
> creates problems like poor performance, SPoF, DoS, etc.
> 
> Windows uses Active Directory (LDAP + Kerberos, mainly) for
> authentication and to publish Policies and configuration data on the
> network for domain members (computers and users), which are then
> integrated locally and periodically into the Registry of each domain
> member (that's the Applying Policies step that is performed by WinLogon
> during boot). Domain members DO NOT take configuration data directly
> from the network, but from the local Registry. Trying to gather
> configuration data directly from the network (i.e. LDAP) is a serious
> error, IMHO.
-- 
Steve Brenneis <sbrenneis at surry.net>
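
[Editor's note: the configuration below is an added illustration of the
slurpd-replicated setup described in the message above; it is not part
of the original post and not Steve's own configuration. It uses the
OpenLDAP 2.1/2.2-era slapd.conf and nss_ldap /etc/ldap.conf syntax
current in 2004. The hostnames master.example.com and backup.example.com,
the suffix dc=example,dc=com, the replicator DN and the credential are
assumptions chosen for the example. slurpd runs alongside the master
slapd, reads the replication log it writes, and pushes each change to
the replica; the replica is read-only and refers writes back to the
master.]

```conf
### /etc/openldap/slapd.conf on master.example.com (assumed hostname)
### slapd writes every change to replogfile; slurpd tails that file
### and replays the changes to each "replica" line.
database        bdb
suffix          "dc=example,dc=com"
rootdn          "cn=Manager,dc=example,dc=com"
directory       /var/lib/ldap

# Replication log consumed by slurpd (must be writable by slapd).
replogfile      /var/lib/ldap/replog

# Push changes to the backup. binddn/credentials are the identity
# slurpd uses on the replica; they are assumptions for this example.
# Use bindmethod=sasl or TLS in practice; "secret" is a placeholder.
replica         uri=ldap://backup.example.com:389
                binddn="cn=replicator,dc=example,dc=com"
                bindmethod=simple credentials=secret

### /etc/openldap/slapd.conf on backup.example.com (assumed hostname)
database        bdb
suffix          "dc=example,dc=com"
rootdn          "cn=Manager,dc=example,dc=com"
directory       /var/lib/ldap

# Only this DN may write here, and only via slurpd. Any other client
# attempting a write is sent a referral to the master (updateref).
updatedn        "cn=replicator,dc=example,dc=com"
updateref       ldap://master.example.com

# The replicator DN needs write access through the ACLs; everyone
# else is read-only on the replica.
access to *
        by dn="cn=replicator,dc=example,dc=com" write
        by * read

### /etc/ldap.conf (nss_ldap / pam_ldap) on each cluster node
### This is the "one config file" per node. Listing both servers on
### the uri line makes nss_ldap fall through to the backup on its own
### when the master is unreachable, so the failover edit the message
### describes is not needed for lookups at all.
base            dc=example,dc=com
uri             ldap://master.example.com/ ldap://backup.example.com/
bind_policy     soft
timelimit       5
bind_timelimit  5
nss_base_passwd ou=People,dc=example,dc=com?one
nss_base_group  ou=Group,dc=example,dc=com?one
```

Two caveats a practitioner would want. First, the replica is
read-only: password changes and account edits still have to reach the
master, and slurpd's replog is the only path by which they arrive on the
backup, so a master that is down means no writes, not just degraded
lookups. Second, slurpd replication was replaced by syncrepl in OpenLDAP
2.3 and removed in 2.4; the same topology (one writable master, one or
more read-only consumers, clients listing both) is expressed there with
a "syncrepl" directive on the consumer instead of a "replica" line on
the master.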





More information about the fedora-devel-list mailing list