[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

caching in Apple authentication mechanisms?

Subject: caching in Apple authentication mechanisms?
From: Albert Lunde <email@hidden>
Date: Tue, 6 Apr 2004 09:02:25 -0500

We are trying to find out to what extent various authentication
mechanisms available though Apple OpenDirectory cache user status.

The context of this question is that we are trying to decide how to
autheticate departmental MacOSX labs and computer clusters against our
central authentication services.

From a policy viewpoint, we'd like password changes or account
activation/deactivation to take effect in a timely way.

Implementation efficency probably dictates some caching, we'd like to
know more about how much caching is done under what circumstances.

The main altervatives we are considering are:

(1) use of LDAP bind with SSL using the LDAPv3 plugin against our
central LDAP server

(2) use of the Active Directory plugin against a school-level Active
Directory forest

(3) MIT Kerberos against our central Kerberos server (or maybe Active
Directory)

(In all these cases, there will most likely be a different local LDAP
server providing cluster-specific information for things like groups
and Apple's management extensions.)

(We are most likely talking about use of 10.3.x)
--
Albert Lunde email@hidden
email@hidden (new address for personal mail)
email@hidden (old address)
_______________________________________________
maclabmanager mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/maclabmanager
Do not post admin requests to the list. They will be ignored.

Prev by Date: Re: Dual NIC's on an OS X server
Next by Date: 10.3.3 SMB, Windows print queues
Previous by thread: Re: Restore CD applications extractor?
Next by thread: Re: caching in Apple authentication mechanisms?
Index(es):
- Date
- Thread

Home