[ubuntu-directory] NetworkAuthentication/Client
Andrew Bartlett
abartlet at samba.org
Tue Oct 31 10:39:07 GMT 2006
On Tue, 2006-10-31 at 10:14 +0100, Dieter Kluenter wrote:
> Jerry Haltom <wasabi at larvalstage.net> writes:
>
> > https://wiki.ubuntu.com/NetworkAuthentication/Client
> >
> > I have been working on this ... rather large document? It outlines my
> > current plans with regards to implementing the first step of client
> > support for Ubuntu.
> >
> > I would appreciate a read over by any interested parties. Please leave
> > comments at the bottom.
> >
> > Sorry for the prose form. Writing helps me get the ideas in my own head.
> >
> > Also, please join us on the ubuntu-directory mailing list. I would
> > appreciate any long threads about this being sent to the copy of the
> > mail I sent there. Don't clutter ubuntu-devel.
>
> I have read this paper and think it makes sense. Just a few comments
> from my side.
> If you want to integrate workstations into Active Directory KDC's
> please read
> http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/kerbstep.mspx
> For any network based services like smtp, imap, ldap etc. I would implement
> SASL GSSAPI authentication, thus libsasl and libgssapi are involved as
> well.
> With regard to PAM, consider the use of pam_unix2 instead of pam_krb5.
Actually, you want to use pam_winbindd, and have winbindd handle the
ticket management.
You also want to stay away from ktpass, and use Samba's net join
instead.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : https://lists.ubuntu.com/archives/ubuntu-directory/attachments/20061031/1d3827d8/attachment-0001.pgp
More information about the Ubuntu-directory
mailing list