[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Segmentation fault
You mean you cannot run slapd? Sounds much like you've somehow corrupted
your database. You may have to delete the files in the openldap-data
directory and reload the database using slapadd.
You may want to make sure local4.debug (in your syslog.conf configuration)
is set up to log to a file, and enable logging in your slapd.conf (see the
documentation for slapd.conf for more info).
-Alan
cody wang said:
> I think I have crashed my LDAP, it was running without authentication
> configuration, but it gives me 'Segmentation fault' now. Any idea? O, I
> was doing Pam and NSS ldap configuration before it happened, now I
> cannot start LDAP.
>
> Thanks
> Cody
>
>
>
> -----Original Message-----
> From: Alan Sparks [mailto:asparks@doublesparks.net]
> Sent: Wednesday, June 25, 2003 11:31 AM
> To: codywang@clunet.edu
> Subject: RE: How to Confuse SSO
>
>
> I don't have a lot of info wrt Kerberos as I do not use them. If you
> have Kerberized client software, the LDAP server can be used as a
> Kerberos client and as a user data repository. Kerberos will help
> implement an SSO model where you issue a password once on the network,
> again presuming every tool you use is Kerberos-aware. We use the
> unified account model here, you have to issue the password on each
> machine login, but it's the same on all machines. I think Kerberos is a
> hard thing to get into, IMHO.
>
> The RPMs are the easiest way. Installing the RPMs you also get the
> needed ldap.conf file, and the modified /etc/pam.d/ files for tying
> logins to the LDAP service. The downloads from padl are fine, you'll
> just have to figure them out.
>
> There's a tool shipped with RedHat (authconfig) that can be used to set
> up the system for LDAP authentication. -Alan
>
>
> cody wang said:
>> Thanks for you information.
>>
>> Does RPMs mean only can be install from CD or I can use download gz or
>
>> tar files from padl.com for pam_ldap?
>>
>> So, I can just use Open LDAP/pam_ldap/nss_ldap to do a single
>> username/password across a group of machines? Do they need to retype a
>
>> same password for different machines?
>>
>> What can Kerberos 5/Cyrus-sasl/Berkeley DB do for SSO if I add them
>> later?
>>
>> Thanks
>> Cody
>>
>>
>>
>> -----Original Message-----
>> From: Alan Sparks [mailto:asparks@doublesparks.net]
>> Sent: Wednesday, June 25, 2003 11:01 AM
>> To: codywang@clunet.edu
>> Cc: openldap-software@OpenLDAP.org
>> Subject: Re: How to Confuse SSO
>>
>>
>> You can install the pam_ldap and nss_ldap RPMs to implement a unified
>> single password scheme. If you want to log into one machine and
>> expect to reconnect without retyping passwords, you'll probably need
>> Kerberos. If you simply want a single username/password across a group
>
>> of machines, pam_ldap/nss_ldap and OpenLDAP is good enough.
>>
>> SSL/TLS is not strictly necessary, but you quite well may want it to
>> protect client to directory communication during password checks.
>>
>> -Alan
>>
>> cody wang said:
>>> Hi
>>>
>>> I want to set-up Single Sign On (SSO) solution on Redaht Linux.
>>> However, I have read many web site reference that use different
>>> application so I am confused which on can be used for SSO?
>>>
>>> Do I need configure all of them? Do I really need Kerberos 5? Do I
>>> still miss something? Is TLS/SSL nessary for SSO?
>>>
>>> Kerberos 5/Cyrus-sasl/Open LDAP/Berkeley DB/pam_ldap/nss_ldap
>>>
>>>
>>> Thanks
>>> Cody
>>
>>
>> ===========
>> Alan Sparks, UNIX/Linux Systems Administrator
>> <asparks@doublesparks.net>
>>
>>
>>
>>
>> *** Incoming Mail scanned for known Viruses by CLUnet ***
>
>
> ===========
> Alan Sparks, UNIX/Linux Systems Administrator
> <asparks@doublesparks.net>
>
>
>
>
> *** Incoming Mail scanned for known Viruses by CLUnet ***
===========
Alan Sparks, UNIX/Linux Systems Administrator <asparks@doublesparks.net>