LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Interview: Kristen Carlson Accardi

LWN.net Weekly Edition for July 24, 2008

Tracing: no shortage of options

Interview: Wind River's John Bruggeman

LWN.net Weekly Edition for July 17, 2008

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Bake-Off: 4 Linux Desktops Tackle The Enterprise (CRN)

Bake-Off: 4 Linux Desktops Tackle The Enterprise (CRN)

Posted Mar 26, 2007 22:25 UTC (Mon) by muwlgr (guest, #35359)
In reply to: Bake-Off: 4 Linux Desktops Tackle The Enterprise (CRN) by drag
Parent article: Bake-Off: 4 Linux Desktops Tackle The Enterprise (CRN)

You are right that PAM as a whole does not give a simple modular solution for Kerberos implementation&deployment. As we know, Kerberos is not just "one of" multiple auth.mechanisms. It wants to be "the" auth.mech. So applications-clients should be "kerberized" as well to support auth.cred.forwarding with optional fallback to traditional login/password. Not PAM, not even SASL are helpful in that. Only GSSAPI, with non-trivial application reworking, and today Kerberos is the only implemented underlying GSSAPI mechanism. I tried to deploy Kerberos "in pilot mode", so I think I had learned it to some degree.

Of course I look at Samba4 previews from time to time. Final Samba4 version would be good for Windows clients, but in most cases the final task is to get rid of Windows ! What adequate functionality is provided for Unix/Linux "workstations" logon ?

PKI with something like ssh passwordless logons - great, but much more client functionality still has to be developed on top of it.

BTW, we are digressing by misleading article title. See markhb note from Mar 26, 2007 17:25 UTC, I think he is right :>

(Log in to post comments)

Bake-Off: 4 Linux Desktops Tackle The Enterprise (CRN)

Posted Mar 26, 2007 23:12 UTC (Mon) by drag (subscriber, #31333) [Link]

Ya he is.

I don't know how true it is, but I read once about one of the main reasons Microsoft was able to trounce Novell for workgroups back when they released Windows 2000 and AD.

So Novell had directory system stuff locked down pretty well in a technical way AND they released it well in advance to Active Directory.

However adoption was slow because going from a flat file server system for workgroup computing to a directory system setup were you not only have C and D drive and such you have OU's and different positions in the directory system to take account of was to much for most people to handle. So most people were happy to stick with their existing Novell servers.

So resellers and such weren't making much money from Novell.

However here comes Windows 2000 and Active Directory, which is the bee's knees according to Microsoft and numerous articles and such.

So all of a sudden those same resellers and such are pushing Windows and Microsoft very hard because they are making huge commisions off of convincing people to drop a huge amount of money in changing their infrastructure from older Novell workgroup servers to the new Windows 2000-based solutions.

So if this story is true then this illistrates is one of those huge problems faced by Linux commercial distributions. The sales folk that are targetting businesses, governments, and educational institutions have a vested interest in convincing their customers to keep Windows, not because it's better, but because it's _more_expensive_. They make money from commisions, not by saving their customers money.

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds
Powered by Rackspace Managed Hosting.