Re: Authentication/Authorization Recommendations

[Dieter Kluenter <dieter@dkluenter.de>]

Hello,

Jason.McGlamary@Medstar.net writes:

[...]
>       I have 2 file and DB servers installed with RH9 (1 is to provide
> redundancy).  I do not want to trust the company NT PDC for authentication
> to my servers, and would rather handle all authentication/authorization for
> our servers myself (mainly limited to a single division of the company).
> The environment for the whole house is Windows based (mostly Win98), so
> I'll need to be running Samba for the file sharing aspect.  Security from
> the outside world will be provided by the company firewall, but I believe
> I'd still prefer to secure all communications (no plaintext; passwords or
> otherwise).  I want OpenLDAP to provide authentication to my servers as
> well as manage groups for authorization to shares.  I'd like users to be
> able to manage their own passwords (securely), and all authorization
> handled by LDAP.
>
>       In short, my basic need is to determine how to best configure
> openldap for best security while maintaining easy account management for my
> users.  I do not really want to make my own PDC though as most docs dealing
> w/ Openldap and Samba together seem to lean towards.  The main area that's
> been boggling me thus far is the function of SASL, and how to choose a
> mechanism to use.
[...]

Win98 is the bottleneck, but with W2000 and XP you could use pGina.
http://pgina.xpasystems.com/index.php

-Dieter

-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de