[Freeipa-users] IMPORTANT: Your input requested: SSSD LDAP Provider vs Winbind
Ondrej Valousek
ondrejv at s3group.cz
Fri Dec 2 15:26:41 UTC 2011
On 12/02/2011 04:06 PM, Stephen Gallagher wrote:
> 1) SSSD caching instead of nscd
Winbind has its own cache. We do not want to implement the yet another one causing confusion, do we?
> 2) Support for multiple AD domains without trust
If needed, winbind itself should provide this functionality.
> 3) One-to-one mapping of identity domain to authentication domain (so
> you're not exposing your password to multiple authentication domains
> until you find the right one, as with traditional PAM).
Yes, That's true, but honestly, who is using it, is it worth the effort?
I am not saying no, of course, everything has its own special use. What I think that we need is the *simplicity*. We need to have a clear
and simple rules where to go if windows/ipa/... backend is needed. Most system admins see sssd as a cleverer libnss_ldap.so provider - and
that is how it should stay, I believe....
Ondrej
The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s).
Please direct any additional queries to: communications at s3group.com.
Thank You.
Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073.
Registered Office: South County Business Park, Leopardstown, Dublin 18
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20111202/64ceb068/attachment.htm>
More information about the Freeipa-users
mailing list