Comment by core-questions

7 years ago

> Your response is too long

Rude. Go ahead and run your small computer lab and pretend you're dealing with issues on the scale that companies with thousands or tens of thousands of employees do. They're absolutely choosing the cheaper option when going with a managed provider vs. your hacked-together TOTP solution.

There is nothing hacked together in this. If you are not aware, FreeIPA (called IdM downstream by Red Hat) is a pretty full-featured solution which is more or less a replacement for AD if your clients are Unix based. And Red Hat will absolutely support your scale requirements. It is mostly that AD is a lock-in in itself due to Windows, and Duo will work better with AD, whereas IdM/FreeIPA does not have a standalone 2FA product that would work with AD.

  • > more or less a replacement for AD if your clients are unix based

    Few people are lucky (?) enough to support a purely unix environment. AD is not expensive when it comes to enterprise-scale projects and plenty of things simply require it for proper support, so I've never seen an enterprise that doesn't have it. I have seen enterprises with classic non-AD pre-Windows-2000 LDAP integrated alongside AD, but usually just as a legacy thing that's too hard to remove.

    Considering the amount of resources available to help with AD vs. the amount you'd need to be able to support a third-party solution, it should be no surprise MS still has a stranglehold on this. What's more surprising is how badly they've fumbled the use of Azure AD, SSO, ADFS, etc. as real solutions compared to the cloud-first vendors like OneLogin, Duo, Centrify, etc.