Re: Howto for LDAP authentication with replication


In fact Kerberos and LDAP are two great tastes that go well together.

Keep user information and authorization information in LDAP while keeping user authentication information in Kerberos.

Later you could try to keep Kerberos authentication information in LDAP with Heimdal (spelling?) Kerberos (like MS AD does), though many purists feel this compromises the whole Kerberos security principle. Maybe it does, but it sure makes for easy redundancy.

-Ross


----- Original Message -----
From: centos-bounces@xxxxxxxxxx <centos-bounces@xxxxxxxxxx>
To: CentOS mailing list <centos@xxxxxxxxxx>
Sent: Sat Jan 12 18:49:31 2008
Subject: Re: Howto for LDAP authentication with replication

> Just so we're clear here, you are actually trying to learn two distinct
> things simultaneously, how to use LDAP and how to use LDAP to
> authenticate. They are not the same thing. If you knew how to use LDAP,
> adding authentication to the knowledge base would be relatively trivial.
> Likewise, if you knew how to use LDAP, configuring Webmin would be
> relatively trivial.

Thank you for the info.  I understand that LDAP and authentication are
not the same thing.  We use LDAP within our organization for storing
other types of data but most of the staff do not like to deal with it.
 In fact some team members were opposed to using LDAP for
authentication, now I understand why!  It seems to be a pain in the
ass to learn how to use and configure.

> I can tell you that Gerald Carter's book makes the entire process
> painless but you are going to do it your way and I respect that to a
> point...but ask that you recognize that you do so at the peril of
> massive frustration.

At this point I am leaning toward using kerberos instead.  It took me
20 minutes to get a working kerberos server installation up and
running, and I can now easily add new users and authenticate them,
manage tickets, etc.  Now I understand what you meant about LDAP not
being designed for authentication.  Thank you again for your time,
Craig.  This was a good learning experience for me.

thanks

Sean
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

