[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] Pinch me...

In the current issue of Linux Journal, Mick Bauer's Paranoid Penguin column is about using LDAP for (secure) authentication, second in a series of three).


Shawn Powers wrote:
On Sun, 2003-07-06 at 18:05, k12osn redhat com wrote:

   Just one question...wireless? I hope we're not talking 802.11*;
that's pretty easy to crack...

No, it's licensed band.  (The ISD has license for lots of spectrum from
the FCC from the times when distance learning via television was popular
here.  The equipment has pretty much all been converted to sending
digital signals, and since it's in A) Northern Michigan and B) a
licensed portion of the spectrum -- it's pretty reliable, and not prone
to interference.)

   LDAP really isn't for authentication.  And a fellow much more
experienced than I has told me many reasons for not doing it, all having
to do with security- both integrity and intrusion.  He suggests using
kerebos instead...but I have no idea how that works, yet.  For what it's

Huh. I wonder if it's possible to restrict external access to just
fetching email addresses via the LDAP server, while using it for user
authentication internally. I'm also not familiar with kerberos, but
it's LDAP's cross-platform virtues that really shine in my situation. That said, I have just as much real world experience with LDAP as I do
with kerberos. Zilch. :)

Build your DNS solidly.

This I will agree with 200%  Our ISP (the ISD) seems to have
intermittent DNS problems.  I really want to make sure our internal DNS
server is both a caching DNS server, and will allow us to set up our
internal domain accordingly.  I also agree that using a fake TLD address
like mysite.com is silly and confusing.  I'm going to use .ils for our
TLD internally  (Inland Lakes Schools = ils) for my own sanity if
nothing else.

   OK...I've never EVER seen that, but I despise character-based email
clients, having used them for about 15-20 years. Evolve. Try something

That's it buddy, put yer mitts on. I'd scrap it up for mutt any day. ;o) lol

Seriously though, I use evolution for most emailing -- but since the
best connection I can get at home is a 26.4 dialup, text email has
become quite a friend. :) And evolution gives me the disconnects too. Perhaps it's because my KDE tray icon at work is checking for new mail
every 30 seconds, even while I'm at home.

   Try to do one more thing: once you get it set up, watch how much
time you spent on the Microsoft boxes and how much you spend on Linux.
You'll be able to support 40 MS machines, or at least 100 Linux boxes,
so you're gonna have some time on your hands...more time to chase
viruses and icons that disappear.

And don't be afraid to contact me for help!

Currently, we only have 1 windows lab. Everything else is Macintosh. I've spent a few good years making macs play with linux, and I dont'
mind the macs so much anymore. Applescript makes life really easy.

I'm really a n00b in the world of windows.  I know the normal sysadmin
is slanted the other way, but windows is truly my weakest skill.  I'm
going to try to use pGina (http://pgina.sf.net) on the windows clients
to get them to authenticate and fileshare nicely.  I think deep freeze
will be purchase to "lock down" a setup.  I have to figure out how to do
all the microsofty things like map favorites to a network drive, and get
"My Documents" to always point to the persons network share.  Sadly, I
need to learn a bit about microsoft networking, so I can avoid using a
microsoft server!  Perhaps somewhere there is a howto for linux geeks
dropped in a microsoft lab (ie, "The complete guide to making samba
replace Windows Server)  -- anyone know if the O'Reilly Samba book
includes setting up client settings, profiles, etc?

Thanks again,

_______________________________________________ K12OSN mailing list K12OSN redhat com https://www.redhat.com/mailman/listinfo/k12osn For more info see <http://www.k12os.org>

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]