Mathieu Baudier wrote:
Apart from ipa are there any other good tools out there for centralised user
auth?
I am currently testing LDAP (openldap) combined with nss_ldap,
configured with authconfig.
It works and the nice thing is that you can have consistent
authentication at OS and application level (apache, PHP, java, etc.).
Combined with NFS mounted home directories, it also gives you
consistent uids across the hosts.
However I am still evaluating the security implications of the bind
process: if the access rights are too restrictive in openldap it
doesn't work. It depends if everything will run in the same LAN or if
you need external access. Then you probably need to go the client
certificate route + SSL/TLS, which is not trivial to deploy (but works
as well).
If you go this way, I can share some of my findings in more details.
Always interested in a step by step how to - maybe consider writing it
up for the CentOS wiki??
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
|
begin:vcard
fn:Rob Kampen
n:Kampen;Rob
email;internet:rob@xxxxxxxxxxxxxxxxx
tel;cell:407-341-3815
version:2.1
end:vcard
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
