On 6/2/05, Nicolas Mailhot <Nicolas.Mailhot@xxxxxxxxxxx> wrote: > > Single sign-on doesn't require a LDAP server, but some kind of central > > identity magament which can be supplied by using a Kerberos V KDC like > > the Kerberos V MIT implementation that comes in the form of krb5-* > > packages for Fedora Core. > > Kerberos is insufficient by itself. > 9 times out of ten if you're interested in SSO you want at least a > centralised adressbook too. The needs start snowballing pretty quickly. Yeah, I know... I simply stated that LDAP isn't a requirement, although it's pretty recommended. I have a small LAN at home and have been using Kerberos without LDAP with no problems. However, SSO without centralized identity management in SMEs can lead to serious security and organizational headaches. > The Microsoft implementation may be bad but they've understood the needs > of small to big corporations pretty well (for huge corporations their > offering does not scale but they'll be using their own ldap/kerberos > combo anyway). Microsoft implementation isn't that bad... what's bad is their closed-mind approach to getting things out of the door and their lock-in mentality. However, AD is a great idea and it's what we're currently lacking. > > An easy ldap/krb5 setup would be used starting from two computer > networks. Only licensing and complexity have active directory start > above SMEs. > We need easy SSO, adressbook, network conf, ical, file sharing > (thanksfully dhcp/dns, imap/smtp, ipp, http, sql and office software are > well covered now) Agree, but just make sure we don't make this a requisite: people should still be able to work without this kind of integration, if they wish. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-devel-list
