Question about Kerberos and FDS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

speedy zinc wrote:

>Thanks for replying.
>
>--- Rich Megginson <rmeggins at redhat.com> wrote:
>
>  
>
>>>Or does that
>>>mean I need to setup a kerberos server and use RHDS
>>>      
>>>
>>as
>>    
>>
>>>the backend for user information?
>>> 
>>>
>>>      
>>>
>>Yes.  When you use kinit to acquire your ticket, you
>>can use that ticket 
>>to authenticate to the directory server.
>>
>>    
>>
>
>So, if I understand what you're saying, the directory
>server is acting as the TGS?
>  
>
No.  You have to set up the usual Kerberos TGS.  The directory server 
merely uses the tickets, like any other server/service.

>I'm going to setup a kerberos tonight. Which one works
>better with FDS? MIT or Heimdal?
>  
>
I'm not sure.  The instructions we have in our docs are geared towards 
MIT, but Heimdal may work just fine.

> 
>  
>
>>>And this one:
>>>- Impersonation (proxy) for multi-tier client
>>>applications.
>>>
>>>Could someone explain what does it mean and how can
>>>      
>>>
>>it
>>    
>>
>>>be used?
>>> 
>>>
>>>      
>>>
>>Sure.  This is most often used with web apps or
>>other apps that set up a 
>>pool of connections to the directory server.  Each
>>connection in the 
>>pool is bound as a proxy user.  When a real user
>>wants to authenticate, 
>>the proxy connection passes the real user's bind
>>credentials to the 
>>directory server using the proxy auth control.
>>
>>    
>>
>
>Oh, ok. I was thinking about something else :)
>  
>
It can also mean chaining.  You can set up the directory server to use 
another directory server as a database - what we refer to as a chaining 
backend or database in our docs.  The use of a directory server to act 
as a "front-end" to another directory server is also called a proxy.

>sz
>
>
>
>	
>		
>__________________________________ 
>Yahoo! Mail - PC Magazine Editors' Choice 2005 
>http://mail.yahoo.com
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users at redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>  
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3312 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20051017/62567edd/attachment.bin
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux