Kerberos/LDAP Howto

R. Scott Belford scott at hosef.org
Thu Sep 24 19:44:35 BST 2009


Having spent entirely too much time on this, and not having compiled
my own eventual how-to on CentOS, let me point you here

http://forums.freebsd.org/showthread.php?t=770

the result of which is here

http://sourceforge.net/projects/autosambaldap/files/

It's based on FreeBSD.  However, the thread will teach you more than
any how-to that exists, and the resulting install script is the
greatest thing, ever, for those of us wanting a real enterprise
alternative, with Kerberos, for our setups.  I have not found the
time, or the need, to modify this for gnu/linux.

--scott

On Fri, Sep 18, 2009 at 6:12 AM, Todd O'Bryan <toddobryan at gmail.com> wrote:
> Thanks. I'll try to go through it. I hadn't found your tutorial
> through the normal Googling.
>
> I guess the one issue with not using Kerberos is that you can query
> LDAP for the password hashes, which should ideally not be available to
> anybody. On the other hand, as you said, if I can get LDAP working for
> authorization and authentication, then I should be able to substitute
> Kerberos for the authentication part fairly easily.
>
> Todd
>
>
> On Fri, Sep 18, 2009 at 1:00 AM, Asmo Koskinen <asmo.koskinen at arkki.info> wrote:
>> Todd O'Bryan kirjoitti:
>>
>>> Does anyone have a very step-by-step how-to that they can suggest that
>>> will get me from point A to point B with the least amount of pain?
>>
>> Have you seen this:
>>
>> https://help.ubuntu.com/community/UbuntuLTSP/OpenLDAP_NFS_SSL
>>
>> It uses SSL, not Kerberos.
>>
>> If you get openLDAP to work with that howto (SSL), you can turn Kerberos on
>> later, I guess. Never try Kerberos by myself.
>>
>> Be very careful when dealing with PAM.
>>
>> ps. I wrote that, so I'm glad to hear how easy that howto is as a
>> step-by-step howto.
>>
>> Best Regards Asmo Koskinen.
>>
>
> --
> edubuntu-users mailing list
> edubuntu-users at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-users
>



More information about the edubuntu-users mailing list