KLF Setup
Tim Keitt
tkeitt at gmail.com
Sun May 6 16:56:17 UTC 2007
Message: 3
Date: Fri, 04 May 2007 16:16:29 +0100
From: Andrew Price <andy at andrewprice.me.uk>
Subject: Re: KLF Setup
To: ubuntu-devel-discuss at lists.ubuntu.com
Message-ID: <f1fiod$gc8$1 at sea.gmane.org>
Content-Type: text/plain; charset=ISO-8859-1
On 04/05/07 16:01, Johnathan Falk wrote:
> One of the biggest things that linux users forget all the time is that
> Microsoft doesn't have a monopoly because of their pretty desktop because if
> desktop beauty was the deciding factor we would all use OS X. The biggest
> thing is that one a windows server you can have Ldap + Kerberos + File
> Serving setup in under 10 minutes with no hassle. On windows its "Hey do you
> want to install Active Directory? Ok I can do that for you type your dns
> domain name and admin password POOF! I'm done."
>
> I have spent the last 8 days trying to get Ldap + Kerberos + NFSv4 to work
> at home with a little 6 node network and I can't even do that, how do you
> expect me or anyone to try and deploy this at a business or a school? Its
> practically impossible to find a good howto on this, and then feeding ldap
> information with ldif's? What the hell?! Yes I know this is standard but I
> come from a windows world and to paraphrase the Mac people "it just works"
> I am sick of struggling with this and pretty soon am just going to go back
> to windows work stations.
There's a specification being worked on to provide the features you
mention. It seems to be making good progress:
https://launchpad.net/ubuntu/+spec/network-authentication
[Above clipped from digest]
I realize that network authentication is being actively pursued and
everything leads me to believe it will be done right in Ubuntu. If you
really want to be disruptive (positive or negative depending on your
perspective ;-), dump /etc/passwd (except root) and install ldap on
all systems by default (restricted to localhost unless admin chooses
otherwise). When ldap becomes default infrastructure, it will find
many many uses. Kerberos is nice, but realize that it is only as
secure as the ticket server. Once your ticket server is compromised,
the hacker gains single sign-on too.
THK
--
Timothy H. Keitt, University of Texas at Austin
Contact info and schedule at http://www.keittlab.org/tkeitt/
Reprints at http://www.keittlab.org/tkeitt/papers/
ODF attachment? See http://www.openoffice.org/
More information about the Ubuntu-devel-discuss
mailing list