We don’t have Samba shares; our Linux systems are used as servers.
We don’t (want to) use SSO
Please explain this, as non-Windows systems without special software are not full AD members, why the Gentoo Wiki is so wrong…
We use domain users on local machines. It is not possible to use a non-AD account to log in, unless you use the root login on the console (secured by red envelope procedure).
Again: Please explain
What exactly does YaST use underneath the service to establish the AD configuration?
As far as I have understood… this includes (parts of) the Samba package.
We use sudo, sometimes to the command level. All of it is based on group access defined in our AD.
Shared accounts are not per se a violation; there are tasks that can only be accomplished by shared accounts. Everything is audited, using the audit features on SuSE as well as command-line logging per shell. (Only a special version of ksh is available for login, also defined in the AD.)
I understand from your reaction that the Gentoo way is not the way to go, but I don’t understand the reasons why… Could you please explain that?