In an environment with more than a few Linux servers, managing users, groups,
and other information securely across those systems is critical. Pluggable
Authentication Modules (PAM) and the Lightweight Directory Access Protocol
(LDAP) give administrators a way to accomplish this without having to
distribute flat files or rely on RPC services, such as the insecure Network
Information Service (NIS).
LDAP is a very mature protocol supported by everyone from Microsoft to IBM
and Oracle. And reference implementations, such as OpenLDAP, have been
available since the mid-'90s. PAM bridges the gap between traditional Unix
and Linux login functionality and LDAP-enabled directory servers without
requiring that applications or services be recompiled or reconfigured.
Aside from the obvious benefit of centralized storage and secure access,
using LDAP has other key benefits depen... (more)
To quote the Scarecrow from the Wizard of Oz, "There are pieces of me here.
There are pieces of me there."
Thanks to years of independent evolution, user identity information also
exists with bits and pieces in different places. This presents a challenge to
application developers responsible for writing software that needs to take
into account potential access from people across the enterprise who may be in
any number of separate identity sources. It also presents a security
challenge as allowing access to one application may open doors to others that
are best kept shut.
Metadi... (more)
One of the unalterable laws of the universe is that no project, regardless of
how uncomplicated it first appears, is really ever as simple as it seems.
Anyone who owns a home can attest to that.
Take something as straightforward as repairing a dripping faucet. Remove the
handle, replace a cartridge and/or a couple of "O" rings, put the handle back
on, and you're done, right?
If you say "yes," either you've never actually repaired a faucet, or you've
been very lucky. The more likely scenario is that you go to remove the handle
only to find that the tiny screw that holds it in plac... (more)
Currently responsible for Oracle’s directory services product-lines, Clayton Donley’s technical background in this area includes experience in IT, consulting, and development in addition to authoring the book “LDAP Programming”. Prior to Oracle, Clayton founded Octet String, Inc., a developer of virtual directory technology that was acquired by Oracle in 2005. Previous positions have included a wide range of roles at Motorola and IBM. Clayton received a BA from DePaul University in Chicago.
Scott Sellers
David M. Adler
Anthony Franco
Daniel Morris
Wayne Walls
Niki Acosta
Jereme Hancock
Oren Michels
Marvin Wheeler
Douglas Kim
Ken Guiberson
