
Re: single login and Ldap



On Sat, Oct 25, 2003 at 12:00:03AM -0700, jawed abbasi wrote:
> Suppose I have LDAP server (A) authenticating Win32 and Linux
> clients perfectly.
> Now I have 5 machines on network, B,C,D,E,F.
> One person logs in on B successfully authenticating from LDAP server.
> Now he is in on computer B, and can do anything on that particular
> workstation, but if he wants to log into workstation C, he still again
> needs to log into C, using telnet, rsh, ssh or whatever process is
> available, and go through providing Account and passwd info, and
> of course C will send info to LDAP server, if approved will let user
> in.

> But then this is not single login, and to me it means that each time a
> user needs to access network resource, he/she has to go through auth
> process, so why do people say LDAP provides single login?

LDAP does not make machine boundaries transparent.  What it does do is
provide a single SOURCE of login authentication, so that you don't need
to be creating the account and setting the password on every machine.
If you want that authentication to then be propagated to allow access to
other machines without having to log in to them again, then you need to
look at something like, say, Kerberos.


-- 
 .*********  Fight Back!  It may not be just YOUR life at risk.  *********.
 : phil stracchino : unix ronin : renaissance man : mystic zen biker geek :
 :  alaric@caerllewys.net : alaric-ruthven@earthlink.net : phil@latt.net  :
 :   2000 CBR929RR, 1991 VFR750F3 (foully murdered), 1986 VF500F (sold)   :
 :    Linux Now!   ...Because friends don't let friends use Microsoft.    :