[CentOS] FreeIPA
Rainer Duffner
rainer at ultra-secure.de
Wed Apr 8 22:44:20 UTC 2009
On 08.04.2009 at 19:30, Les Mikesell wrote:
> Robert Moskowitz wrote:
>>
>>> I've been watching the discussion and read the RHEL docs about IPA and
>>> thought "At Last" something that brings together all the bits for the
>>> little guy. Now it appears the RH is going to drop the ball.
>>> I have tried OpenLDAP and currently have a CentOS-DS running but am
>>> missing the bits that glue it all together. The actual core services
>>> (LDAP (either variant) Kerberos PAM samba etc) are simple enough to
>>> install on CentOS but the stuff that makes it "just work" is very
>>> difficult for me to get my head around and thus I've never actually
>>> got a setup working well enough to risk on my clients.
>>
>> I have started with SME: http://wiki.contribs.org/Main_Page
>>
>> This is a good NT Domain + equiv on Centos 4.7 and they have Centos 5.2
>> (I hope now 5.3) in beta.
>>
>> I have not looked enough into their roadmap to see what is being done
>> with LDAP...
>>
>> Another effort on Fedora is Amahi.org. This is more a home product with
>> a WorkGroup orientation. The inclusion of home apps like streaming
>> music makes it very attractive.
>>
>> SME is a well organized effort, originally backed? by Mitel. Amahi
>> started as a one-man effort (though the one man behind it has impressive
>> credentials) and has developed a 'plugin' community.
>>
>> Craig well knows the efforts of a couple of k12 guys to get some SAMBA
>> integration together (http://majen.net/smbldap/). This seems to have
>> stagnated.
>>
>> I am hoping that SME continues to evolve. Their VoIP version is the
>> perfect place to get serious with LDAP.
>
> Has anyone looked at the version of ClarkConnect now in beta? This is
> similar to SME but perhaps a more modern approach (and with separate
> free/commercial versions...). The blurb claims that the initial setup
> provides LDAP authentication for easy expansion. That's something I've
> thought every Linux distro should have had for years, but I don't know
> if it actually works.

Maybe I understood that wrong, but the point about Free/RHEL-IPA is/was
that it doesn't use LDAP for authentication. It uses Kerberos for that.
There are - as far as I understood - no passwords in LDAP.

FreeIPA isn't really intended as a Samba-replacement, but as a
NIS-replacement.

If you're like me and have possibly hundreds of unix-servers to
maintain, being able to provide a sane, centralized login-management
for them would not be great, it would be a revolution ;-)

It's AD for Unix done right. Or mostly - I've only played briefly with
it (lack of time).

IMO, if you have Windows-Clients, you need a Windows-Server, earlier
or later (and AD, or buy into the Novell-stack...).

Stuff like IPA will eventually help you to keep the Unix- and
Windows-world synchronized without foisting anything on any of them that
they weren't really intended to do.

Rainer