Re: Experiences with "Single Sign On" and LDAP?

[Dieter Kluenter <dieter@dkluenter.de>]

Jan-Hendrik Palic <jhp@addix.net> writes:

> Hoi .... 
> On Thu, Feb 20, 2003 at 02:01:53PM +0100, Dieter Kluenter wrote:
>>> I thought about a solutions with LDAP and Kerberos5. The clients are
>>> mixed Linux RedHat/Debian and Windows 2k/XP.
>>> 
>>> Has anyone any experiences with it? Is it possible? Where do I get into
>>> trouble maybe?
>>
>>Yes, it is possible, either with ActiveDirectory or with OpenLDAP and
>>MIT KRB5 an I have realised it in my small local network. 
>
> With all services or do you have some exceptions?
> Is it possible to combine the Domainauthentifications from Windows
>  with LDAP/Krb5?

With all services that are able to authenticate using OpenLDAP, SASL or
PAM, i use the pam_krb5 module form
http://sourceforge.net/projects/pam-krb5, which ist not the pam_krb5
Module distributed by RedHat 

> Do you have a how to for that? I googled around the world, but perhaps
> you can point me to one you found.

W2K clients can obtain tickets from a vanilla MIT krb5 KDC, all you
have to do, ist setup your W2K Clients with Ksetup.

And no, there ist not much information available. If you do have more
questions send me al prive mail please.

-Dieter

-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter@schevolution.com
http://www.schevolution.com/tour