In fact Kerberos and LDAP are two great tastes that go well together.
Keep user information and authorization information in LDAP while keeping user authentication information in Kerberos.
Later you could try to keep Kerberos authentication information in LDAP with Heimdal (spelling?) Kerberos (like MS AD does), though many purists feel this compromises the whole Kerberos security principle. Maybe it does, but it sure makes for easy redundancy.
-Ross
----- Original Message -----
From: centos-bounces@centos.org <centos-bounces@centos.org>
To: CentOS mailing list <centos@centos.org>
Sent: Sat Jan 12 18:49:31 2008
Subject: Re: [CentOS] Howto for LDAP authentication with replication
Just so we're clear here, you are actually trying to learn two distinct things simultaneously, how to use LDAP and how to use LDAP to authenticate. They are not the same thing. If you knew how to use LDAP, adding authentication to the knowledge base would be relatively trivial. Likewise, if you knew how to use LDAP, configuring Webmin would be relatively trivial.
Thank you for the info. I understand that LDAP and authentication are not the same thing. We use LDAP within our organization for storing other types of data but most of the staff do not like to deal with it. In fact some team members were opposed to using LDAP for authentication, now I understand why! It seems to be a pain in the ass to learn how to use and configure.
I can tell you that Gerald Carter's book makes the entire process painless but you are going to do it your way and I respect that to a point...but ask that you recognize that you do so at the peril of massive frustration.
At this point I am leaning toward using Kerberos instead. It took me 20 minutes to get a working Kerberos server installation up and running, and I can now easily add new users and authenticate them, manage tickets, etc. Now I understand what you meant about LDAP not being designed for authentication. Thank you again for your time, Craig. This was a good learning experience for me.
thanks
Sean