LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Red Hat's directory server

Red Hat's directory server

Posted Jun 5, 2005 7:03 UTC (Sun) by komarek (guest, #7295)
In reply to: Red Hat's directory server by giraffedata
Parent article: Red Hat's directory server

One thing the other posters didn't mention: you need your login program to authenticate against your directory. And/or your webserver, ftpserver, whatever. If you put all your user info in a postgres database, will your portal software authenticate against it? Will you need to write the glue code, or does it exist already? If you are using PAM for logins, will PAM support it?

NIS and LDAP are both widely used for login information. NIS support is built into the GNU C library, so that any properly-written program need not be aware of whether NIS is used or not. This includes the login program. More recently, though, PAM handles authentication. It will support both NIS and LDAP. I have no idea if it supports any relational databases. Apache will auth against NIS or LDAP. Plone will auth against LDAP (among others).

So you can't use just any old thing for authentication information, unless you are willing to modify client code.

(Log in to post comments)

Red Hat's directory server

Posted Jun 6, 2005 0:22 UTC (Mon) by giraffedata (subscriber, #1954) [Link]

One thing the other posters didn't mention: you need your login program to authenticate against your directory. And/or your webserver, ftpserver, whatever.

That's what I took the comments about there being a standard for directory services to mean. While there's no reason there couldn't be a standard for authenticating by using a relational database server, there isn't. The protocols that existing login programs, etc. use are directory protocols.

Of course that means a directory server isn't really what you need. What you need is an LDAP server, or a server of whatever other directory protocol your programs use.

The only comment I've seen that says directory servers are useful per se is the one that suggests for a simple directory lookup, a directory server can be more efficient than a general purpose relational database server and a directory protocol easier to use than SQL.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds