[Users] Manage users without Red Hat Directory Server or IBM Tivoli Directory Server?
Itamar Heim
iheim at redhat.com
Fri Dec 7 14:56:04 UTC 2012
On 12/06/2012 10:35 PM, Charlie wrote:
> Supporting non-Kerberos LDAP with simple authentication and no DNS
> integration would significantly decrease the work required for people
> like Dennis. Instead of having to set up Kerberos and DNS and an LDAP
> provider that integrates with both, he could just set up a very simple
> LDAP server and use a physically secured network or SSL with
> self-signed keys to protect his authentication traffic.
>
> There are already LDAP servers that use simple backends, including an
> OpenLDAP variant that uses /etc/passwd and /etc/shadow instead of a
> db. If the requirement for Kerberos and DNS directory integration
> were removed, and simple authentication worked, you would be able to
> support pretty much anything out there in the linux/unix world.
>
> That way oVirt wouldn't have to reinvent any wheels, and people like
> Dennis would have significantly less costly and time-consuming
> rebuilding of their networks to do before being able to implement
> oVirt.
I agree. hopefully we'll get to fix this soon.
More information about the Users
mailing list