Posted Mar 23, 2012 9:15 UTC (Fri) by phajdan.jr (subscriber, #83686)
In reply to: Bizarre by ringerc
Parent article: Shadow hardening
I think the main problem with LDAP is the complexity. I agree that in environments with many machines, centralizing account management is very important. However, in smaller setups it may just not be worth it.
By the way, hardened-shadow is not just about splitting /etc/shadow into a directory tree and switching from SUID binaries to SGID ones. Utilities like login, su, passwd, useradd, groupadd are also re-implemented, and are smaller than their shadow-utils counterparts.
The above makes it possible to make those tools work more seamlessly with LDAP (if that makes sense), maybe addressing your point. Feedback and patches are welcome - feel free to post to MLs listed at http://code.google.com/p/hardened-shadow/ .