On Sun, Nov 4, 2018 at 11:34 PM Grant Taylor via TUHS wrote:

> Does anyone have any experience with YP / NIS / NIS+ / LDAP as a central
> directory on Unix?
>
> I'm contemplating playing with them for historical reasons.
>
> As such, I'm wondering what the current evolution is for a pure Unix
> environment. Read: No Active Directory. Is there a current central
> directory service for Unix (or Linux)? If so, what is it?
>
> I'm guessing it's LDAP combined with Kerberos, but I'm not sure.

As far as I know, LDAP is very much in use in the Linux world – via nslcd or SSSD as clients; OpenLDAP (blech) or 389-ds as "build from scratch" servers. There's also FreeIPA which tries to be an integrated solution.

(But even if you seek a pure Linux/Unix environment, I suspect AD is what keeps LDAP from being replaced – because as long as there are clients for AD, there will be clients for pure LDAP as well.)

Kerberos exists too, but somewhat less common – FreeIPA includes it by default, but many people just piggyback on LDAP bind as password-based authentication and use SSH keys for passwordless (because apparently protocols other than SSH and HTTPS don't exist anymore).

The MIT Kerberos 5 suite is still actively maintained and receives new features (such as S-PAKE), whereas Heimdal appears to be on life support.

(Speaking of zombies, Linux glibc still comes with Hesiod support built in...)

Many people's idea of a central directory nowadays appears to be "deploy an /etc/passwd via Salt or Ansible".

--
Mantas Mikulėnas