LDAP Arcane?

[Jonathan Hutchins]

----- Original Message ----- 
From: "Dave Hull" <dphull at insipid.com>

> Actually many organizations are looking to directory services (LDAP) to
> simplify and reduce complexity.

In the long run, in a large organization, with a multi-person team working out
how to integrate the disparate schema, it's a good thing that reduces
complexity.  For a small network with one administrator who must devide his
time with other clients or projects, LDAP can be a real nightmare unless you
luck into complementary elements for the different layers.

> This "single sign-on" business makes me nervous frankly because it means if
a
> person cracks a single password, they'll be able to wreak havoc on multiple
> systems...

More than that, there's only one thing to go wrong.  Most of the time this is
good, but if that one thing messes up your whole system may be screwed.