[Freeipa-users] Desperate help requested.

Natxo Asenjo natxo.asenjo at gmail.com
Mon Aug 27 12:17:30 UTC 2012


On Sun, Aug 26, 2012 at 6:05 AM, KodaK <sakodak at gmail.com> wrote:

> I've just been informed by my boss's boss's boss that, and I quote
> from his ridiculous email:
>
> "we cannot use anything other than MS AD for authentication"
>
> I've spent months of time and much effort rolling out IPA,
> consolidating authentication across our Linux and AIX machines.  To
> paraphrase Babbage: I am not able rightly to apprehend the kind of
> confusion of ideas that could provoke such a statement.
>
> Regardless, I need some help.  I need some help with comparisons
> between FreeIPA and AD, and the problems and issues one might
> encounter when trying to authenticate Unix machines against AD.
> Anything that can show IPA being superior to AD for *nix
> authentication.  Anything at all.  We have a similar number of AIX and
> Linux servers.  We have a week before we have a meeting to discuss
> this, and I'd like to be armed to the teeth, if at all possible.
>

Hi,

You need to explain to upper management why, using IPA, your company will
save money. They usually understand that sort of talk.

Write a business case. In the documentation (both from RHEL and from
freeipa.org) you will get plenty of useful info.

Magnify the points where AD comes short for your use case (SELinux, sudo,
automounts, service credentials management - having used ktpass.exe I was
amazed at how nice the keytab capabilities are from ipa -, hostgroups, SSH
public key management, ..., the list goes on and on). Explain that *that*
will not change and how much money it will cost your business (admin hours,
security risks, missed compliance).

Explain why the future is in the trust model in ipa v3.

Explain that Windows admins are not expected to run a Windows network
without AD, so why are Linux/AIX admins expected to run a network without a
proper Linux/AIX identity management solution?

I feel your pain and can understand why you are upset, but try not to take
this all personally. In the end, it is not your network.

Regards,

Natxo