Motivation
I used NIS for a long time, but NIS is simply outdated. It is not flexible and not secure. So I searched for alternatives. It is always good to inspect how other systems solve a problem to learn the benefits and the drawbacks of these solutions. So I had a closer look at Microsoft's Active Directory (AD) and Novell's eDirectory. Both consist of an LDAP server for holding data like usernames, user environment, permissions and so on. AD uses Kerberos to authenticate users, and I think Novell's eDirectory works the same way (does anyone know?). So I tried to figure out if this combination is a good idea in a Linux environment:
Pro:
- Kerberos is much more secure than NIS. It is a scalable, distributed, highly available, very flexible and secure authentication protocol.
- With OpenLDAP there is a very good open source LDAP server we can use. LDAP itself is also a very flexible protocol.
- Possible interoperability with other environments. This is the first time Microsoft tries to use standard protocols! So why not honour it and create interoperability?
Con:
- Kerberos and LDAP are not easy to understand. The whole environment is (at the moment) not easy to set up.
Created by system. Last Modification: Saturday 23 of July, 2005 12:28:53 UTC by admin.
Category: UNIX