On 1/13/08, Ross S. W. Walker <rwalker@xxxxxxxxxxxxx> wrote:
>
> In fact Kerberos and LDAP are two great tastes that go well together.
>
> Keep user information and authorization information in LDAP while keep user
> authentication information in Kerberos.
>
> Later you could try to keep Kerberos authentication information in LDAP with
> Heimdel (spelling?) Kerberos (like MS AD does) though many purists feel this
> compromises the whole Kerberos security principal. Maybe it does, but it
> sure makes for easy redundancy.
>
> -Ross
>
>
> ----- Original Message -----
> From: centos-bounces@xxxxxxxxxx <centos-bounces@xxxxxxxxxx>
> To: CentOS mailing list <centos@xxxxxxxxxx>
> Sent: Sat Jan 12 18:49:31 2008
> Subject: Re: Howto for LDAP authentication with replication
>
> > Just so we're clear here, you are actually trying to learn two distinct
> > things simultaneously, how to use LDAP and how to use LDAP to
> > authenticate. They are not the same thing. If you knew how to use LDAP,
> > adding authentication to the knowledge base would be relatively trivial.
> > Likewise, if you knew how to use LDAP, configuring Webmin would be
> > relatively trivial.
>
> Thank you for the info. I understand that LDAP and authentication are
> not the same thing. We use LDAP within our organization for storing
> other types of data but most of the staff do not like to deal with it.
> In fact some team members were opposed to using LDAP for
> authentication, now I understand why! It seems to be a pain in the
> ass to learn how to use and configure.
>
> > I can tell you that Gerald Carter's book makes the entire process
> > painless but you are going to do it your way and I respect that to a
> > point...but ask that you recognize that you do so at the peril of
> > massive frustration.
>
> At this point I am leaning toward using kerberos instead. It took me
> 20 minutes to get a working kerberos server installation up and
> running, and I can now easily add new users and authenticate them,
> manage tickets, etc. Now I understand what you meant about LDAP not
> being designed for authentication. Thank you again for your time,
> Craig. This was a good learning experience for me.
>
> thanks
>
> Sean
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
>
> ______________________________________________________________________
> This e-mail, and any attachments thereto, is intended only for use by
> the addressee(s) named herein and may contain legally privileged
> and/or confidential information. If you are not the intended recipient
> of this e-mail, you are hereby notified that any dissemination,
> distribution or copying of this e-mail, and any attachments thereto,
> is strictly prohibited. If you have received this e-mail in error,
> please immediately notify the sender and permanently delete the
> original and any copy or printout thereof.
>
>
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
