[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAPv3: The OpenLDAP/Kerberos/SASL soup (was Kerberos andDIGEST-MD5)

To: Openldap list <openldap-software@OpenLDAP.org>
Subject: Re: LDAPv3: The OpenLDAP/Kerberos/SASL soup (was Kerberos andDIGEST-MD5)
From: Donn Cave <donn@u.washington.edu>
Date: Fri, 30 Jul 2004 09:44:14 -0700
In-reply-to: <20040730033646.GL2125@markus.schuldei.org>

On Thursday, July 29, 2004, at 08:36 PM, Andreas Schuldei wrote:
...

Debian-edu tries to be a key-turn educational system (for
schools) providing several services (optionally on different
servers). Adding new servers (e.g. terminal servers) to the
network would require to add the server to the domain which of
cause would require human admin interaction on the Main server
side (otherwise anyone could add his machine as a server). But
that should be minimal, manageable even for teachers.

Your tool could solve this once the authenticy of the new machine
is established and kerberos is up and running. Could LDAP help me
do even the bootstraping in a secure fashion?


I see Quanah has already addressed the basic outline of Stanford's
service for doing this, and it pretty much applies to ours too.
I'm sure most of this could be done through LDAP instead, as an
alternative network protocol with authentication, authorization
and encryption.  But the principles are the same, and what can be
done is the same.

	Donn Cave, donn@u.washington.edu

References:
- Re: LDAPv3: The OpenLDAP/Kerberos/SASL soup (was Kerberos andDIGEST-MD5)
  - From: Andreas Schuldei <andreas@schuldei.org>

Prev by Date: Re: LDAPv3: The OpenLDAP/Kerberos/SASL soup (was Kerberos andDIGEST-MD5)
Next by Date: Heimdal Vs. MIT Round 4
Index(es):
- Chronological
- Thread