On 1/13/08, Ross S. W. Walker <rwalker at medallion.com> wrote:
>
> In fact Kerberos and LDAP are two great tastes that go well together.
>
> Keep user information and authorization information in LDAP while keeping user
> authentication information in Kerberos.
>
> Later you could try to keep Kerberos authentication information in LDAP with
> Heimdel (spelling?) Kerberos (like MS AD does) though many purists feel this
> compromises the whole Kerberos security principal. Maybe it does, but it
> sure makes for easy redundancy.
>
> -Ross
>
>
> ----- Original Message -----
> From: centos-bounces at centos.org <centos-bounces at centos.org>
> To: CentOS mailing list <centos at centos.org>
> Sent: Sat Jan 12 18:49:31 2008
> Subject: Re: [CentOS] Howto for LDAP authentication with replication
>
> > Just so we're clear here, you are actually trying to learn two distinct
> > things simultaneously, how to use LDAP and how to use LDAP to
> > authenticate. They are not the same thing. If you knew how to use LDAP,
> > adding authentication to the knowledge base would be relatively trivial.
> > Likewise, if you knew how to use LDAP, configuring Webmin would be
> > relatively trivial.
>
> Thank you for the info. I understand that LDAP and authentication are
> not the same thing. We use LDAP within our organization for storing
> other types of data but most of the staff do not like to deal with it.
> In fact some team members were opposed to using LDAP for
> authentication, now I understand why! It seems to be a pain in the
> ass to learn how to use and configure.
>
> > I can tell you that Gerald Carter's book makes the entire process
> > painless but you are going to do it your way and I respect that to a
> > point...but ask that you recognize that you do so at the peril of
> > massive frustration.
>
> At this point I am leaning toward using kerberos instead. It took me
> 20 minutes to get a working kerberos server installation up and
> running, and I can now easily add new users and authenticate them,
> manage tickets, etc. Now I understand what you meant about LDAP not
> being designed for authentication. Thank you again for your time,
> Craig. This was a good learning experience for me.
>
> thanks
>
> Sean