I think I have crashed my LDAP, it was running without authentication
configuration, but it gives me 'Segmentation fault' now. Any idea? Oh, I
was doing PAM and NSS LDAP configuration before it happened, now I
cannot start LDAP.
From: Alan Sparks [mailto:firstname.lastname@example.org]
Sent: Wednesday, June 25, 2003 11:31 AM
Subject: RE: How to Confuse SSO
I don't have a lot of info wrt Kerberos as I do not use it. If you
have Kerberized client software, the LDAP server can be used as a
Kerberos client and as a user data repository. Kerberos will help
implement an SSO model where you issue a password once on the network,
again presuming every tool you use is Kerberos-aware. We use the
unified account model here, you have to issue the password on each
machine login, but it's the same on all machines. I think Kerberos is a
hard thing to get into, IMHO.
The RPMs are the easiest way. Installing the RPMs you also get the
needed ldap.conf file, and the modified /etc/pam.d/ files for tying
logins to the LDAP service. The downloads from padl are fine, you'll
just have to figure them out.
There's a tool shipped with RedHat (authconfig) that can be used to set
up the system for LDAP authentication. -Alan
cody wang said:
> Thanks for your information.
> Does RPMs mean it can only be installed from CD, or can I use downloaded
> gz or tar files from padl.com for pam_ldap?
> So, I can just use OpenLDAP/pam_ldap/nss_ldap to do a single
> username/password across a group of machines? Do they need to retype the
> same password for different machines?
> What can Kerberos 5/Cyrus-sasl/Berkeley DB do for SSO if I add them
> -----Original Message-----
> From: Alan Sparks [mailto:email@example.com]
> Sent: Wednesday, June 25, 2003 11:01 AM
> To: firstname.lastname@example.org
> Cc: openldap-software@OpenLDAP.org
> Subject: Re: How to Confuse SSO
> You can install the pam_ldap and nss_ldap RPMs to implement a unified
> single password scheme. If you want to log into one machine and
> expect to reconnect without retyping passwords, you'll probably need
> Kerberos. If you simply want a single username/password across a group
> of machines, pam_ldap/nss_ldap and OpenLDAP is good enough.
> SSL/TLS is not strictly necessary, but you quite well may want it to
> protect client to directory communication during password checks.
> cody wang said:
>> I want to set up a Single Sign On (SSO) solution on RedHat Linux.
>> However, I have read many web site references that use different
>> applications, so I am confused which one can be used for SSO?
>> Do I need to configure all of them? Do I really need Kerberos 5? Am I
>> still missing something? Is TLS/SSL necessary for SSO?
>> Kerberos 5/Cyrus-sasl/Open LDAP/Berkeley DB/pam_ldap/nss_ldap
> Alan Sparks, UNIX/Linux Systems Administrator
> *** Incoming Mail scanned for known Viruses by CLUnet ***
Alan Sparks, UNIX/Linux Systems Administrator
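
The remark above about wanting SSL/TLS to protect client-to-directory traffic during password checks can be verified on each client. This is an added example, not part of the original thread: a small audit of a pam_ldap/nss_ldap `ldap.conf`. The directive names (`uri`, `host`, `ssl`, `tls_checkpeer`, `tls_cacertfile`, `tls_cacertdir`) come from the PADL `ldap.conf` format rather than from the messages, and the sample hosts and paths are constructed.

```python
"""Audit a pam_ldap/nss_ldap ldap.conf for unprotected password checks."""

def parse_conf(text):
    """Return {directive: [values]}; directive names are lower-cased."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and commented-out directives
        parts = line.split(None, 1)
        conf.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return conf

def audit(text):
    """Return a list of findings; an empty list means TLS with verification."""
    conf = parse_conf(text)
    last = lambda key, default="": (conf.get(key) or [default])[-1].strip().lower()
    # Simplification: only 'on' (LDAPS) and 'start_tls' are treated as TLS.
    ssl = last("ssl", "off")
    # A URI is protected by its ldaps:// scheme or by StartTLS; a bare host
    # entry is protected only when the ssl directive selects a TLS mode.
    targets = [(u, u.lower().startswith("ldaps://") or ssl == "start_tls")
               for v in conf.get("uri", []) for u in v.split()]
    targets += [(h, ssl in ("on", "start_tls"))
                for v in conf.get("host", []) for h in v.split()]
    findings = [f"cleartext: {t} is contacted without TLS" for t, ok in targets if not ok]
    if any(ok for _, ok in targets):
        if last("tls_checkpeer") != "yes":
            findings.append("tls_checkpeer: not 'yes', server certificate may go unverified")
        if not (conf.get("tls_cacertfile") or conf.get("tls_cacertdir")):
            findings.append("tls_ca: no tls_cacertfile/tls_cacertdir set in this file")
    return findings

# Constructed sample inputs (not taken from the thread).
WEAK = """\
host ldap.example.org
base dc=example,dc=org
"""
HARDENED = """\
uri ldap://ldap.example.org/
base dc=example,dc=org
ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/example-ca.pem
"""

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(sample) or "no findings")
```

A missing CA directive is reported only for this file; the system-wide libldap configuration may still supply one.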