FRLinux wrote:
> On Tue, 15 Feb 2005 16:42:51 +0000, Gareth Eason <bigbro at skynet.ie> wrote:
>>> We're (skynet.ie) undergoing a migration process at the moment from
>>LDAP to Kerberos. All experimental as yet, but no showstoppers
>>discovered AFAIK. Other subscribers to the list could tell you more, if
>>they so choose :-)
>> Out of curiosity, what pushed you to migrate from LDAP to kerberos
> (and also was it OpenLDAP or some sucky proprietary unix LDAP) ?
General awkwardness of getting ldap auth working securely in an
hetrogeneous enviroment. We currently run openldap on a solaris box,
most(all?) of the clients being linux boxes. I don't remember the
details, but istr that getting solaris to support decent hashing of
passwords required jiggery-pokery. Also, kerberos has the nice feature
of allowing single-sign-on for the cluster, and is generally more a
'standard' auth mechanism. I've even got it working with winxp (and
theoritically 2k, but not tested that one yet). Also, it's faster than
using ssh keys on the older hardware we tend to use. For stuff like
checking mail this is a welcome delay removal.
Steve
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
