[Info-vax] HP Integrity rx2800 i4 (2.53GHz/32.0MB) :: PAKs won't load
Kerry Main
kerry.main at backtothefutureit.com
Fri Feb 19 19:41:45 EST 2016
> -----Original Message-----
> From: Info-vax [mailto:info-vax-bounces at info-vax.com] On Behalf Of
> Craig A. Berry via Info-vax
> Sent: 19-Feb-16 6:38 PM
> To: info-vax at info-vax.com
> Cc: Craig A. Berry <craigberry at nospam.mac.com>
> Subject: Re: [New Info-vax] HP Integrity rx2800 i4 (2.53GHz/32.0MB) ::
> PAKs won't load
>
> On 2/19/16 5:20 PM, David Froble wrote:
> > Stephen Hoffman wrote:
>
> >> TL;DR: LDAP and Kerberos are like DNS, but for distributed
> >> authentication and delegation. Replicable, distributable, scaleable,
> >> available, etc.
> >
> > As initially claimed, I don't have day to day hands on experience with
> > VMS clusters. It was my impression that the scope of the common
> data
> > was greater than just login authentication.
> >
> > My vague impression of LDAP is that it's mainly for login
> > authentication. If my understanding is not correct, then I need to do
> > more reading. (I hate that.)
>
> Mainly, maybe, but not only. All sorts of properties and attributes can
> be stored with an LDAP account, and of course machines as well as users
> can have accounts on the domain. What's not obvious to me is how
> something that provides eventual consistency (LDAP replication) would
> be
> adequate for something like VMS clusters, where it does matter *when*
> the coordinating machines become aware that other machines have
> joined
> or left.
I would also vote for much greater LDAP/X.500 integration with OpenVMS.
Think of MS Windows - you have a local account (SYSUAF) that you can login
into on a standalone system / cluster OR you can have a global domain (LDAP
/x.500) account you can log into. A global domain can integrate not just
standalone users and clusters, but also multiple clusters around the globe.
Your local account (sysuaf), if priv'ed, can do whatever it wants on that local
system , but it can't impact any systems beyond that server.
Yes, like MS AD or any other directory based solution on any platform, when
moving to a global directory based domain, there is added complexity in
planning, design and managing it.
Enterprise Directory V5.7 is now a VSI released product and while it no
doubt will need some upgrades, it is certainly a very sound product from
which to build on.
Btw, while I am only a rookie directory guy, I have chatted about directory
functions and capabilities with those who are much more expert and the
feedback I received was that MS AD is the lowest common denominator of
directories, so there is loads of features that could provide key competitive
differentiators.
This is especially true when you start looking at higher levels of security
which build on the directory services layer - like identity management,
authentication across public / private clouds etc. These are going to
become much more critical in the future for enterprise customers.
There are also ISV's out there with 100% Java based add-on identity
mgmt prod's that integrate with any LDAP V3 directory. This might also
be a future option as well.
Reference the following Enterprise Directory (ED) 2007 SPD (before anyone
asks, you no longer need DECnet and it is available on both Alpha and
Integrity):
http://h30266.www3.hp.com/PDFs/OpenVMSEnterpriseDirectoryV56.pdf
ED V5.6 ECO 1 release notes from 2010:
http://tinyurl.com/EDir-eco-notes
Actual url will wrap
http://h30266.www3.hp.com/odl/i64os/network/entdir56/ENTDIR56ECO1_RELEASE_NOTES.PDF
Regards,
Kerry Main
Kerry dot main at starkgaming dot com
More information about the Info-vax
mailing list