[CentOS] Howto for LDAP authentication with replication

Sun Jan 13 01:46:18 UTC 2008
Ross S. W. Walker <rwalker at medallion.com>

In fact Kerberos and LDAP are two great tastes that go well together.

Keep user information and authorization information in LDAP while keep user authentication information in Kerberos.

Later you could try to keep Kerberos authentication information in LDAP with Heimdel (spelling?) Kerberos (like MS AD does) though many purists feel this compromises the whole Kerberos security principal. Maybe it does, but it sure makes for easy redundancy.

-Ross


----- Original Message -----
From: centos-bounces at centos.org <centos-bounces at centos.org>
To: CentOS mailing list <centos at centos.org>
Sent: Sat Jan 12 18:49:31 2008
Subject: Re: [CentOS] Howto for LDAP authentication with replication

> Just so we're clear here, you are actually trying to learn two distinct
> things simultaneously, how to use LDAP and how to use LDAP to
> authenticate. They are not the same thing. If you knew how to use LDAP,
> adding authentication to the knowledge base would be relatively trivial.
> Likewise, if you knew how to use LDAP, configuring Webmin would be
> relatively trivial.

Thank you for the info.  I understand that LDAP and authentication are
not the same thing.  We use LDAP within our organization for storing
other types of data but most of the staff do not like to deal with it.
 In fact some team members were opposed to using LDAP for
authentication, now I understand why!  It seems to be a pain in the
ass to learn how to use and configure.

> I can tell you that Gerald Carter's book makes the entire process
> painless but you are going to do it your way and I respect that to a
> point...but ask that you recognize that you do so at the peril of
> massive frustration.

At this point I am leaning toward using kerberos instead.  It took me
20 minutes to get a working kerberos server installation up and
running, and I can now easily add new users and authenticate them,
manage tickets, etc.  Now I understand what you meant about LDAP not
being designed for authentication.  Thank you again for your time,
Craig.  This was a good learning experience for me.

thanks

Sean
_______________________________________________
CentOS mailing list
CentOS at centos.org
http://lists.centos.org/mailman/listinfo/centos

______________________________________________________________________
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20080112/0f1a8426/attachment-0004.html>