Kerberos Integration (Was: Fedora Crypto Consolidation Project)
Jerry James
loganjerry at gmail.com
Sun Sep 2 03:59:21 UTC 2007
On 9/1/07, Nicolas Mailhot <nicolas.mailhot at laposte.net> wrote:
> We all know active directory is just kerberos+ldap, we've been shipping
> kerberos & ldap infrastructure for years (and the fedora directory
> server is supposed to be even better), and yet somehow few (if any) ever
> use it.
Let me tell you my experience. Around the first of this year, I
decided to use kerberos+ldap to manage the machines in my research
lab. After spending hours reading documentation and experimenting
with kerberos and ldap separately, I got everything configured. It
was only then that I discovered that libuser doesn't support
kerberos+ldap.
Not wanting to waste all that time, I eventually went with the
solution to be found at http://jjames.fedorapeople.org/libuser/ (note
to libuser maintainer: there is likely a bug in libuser that can and
should be fixed; see that URL for a hint). However, there don't
appear to be any warning signs anywhere telling people to watch out
for the kerberos+ldap+libuser combination. At least, I've never seen
any. Have you?
I didn't try Fedora Directory Server; if I'm reading the web page
correctly, I went through all this in the month before it hit Fedora
Extras. The question is moot now since I no longer manage a research
lab.
--
Jerry James
http://jjames.fedorapeople.org/
More information about the fedora-devel-list
mailing list