
Re: kerberos, openssl, openldap and cyrus-sasl



Prakash Velayutham wrote:
> Hi All,
>
> I have browsed through the various threads dealing with this topic, but can't seem to figure the right order of things. Could someone here help me get started?
>
> I need kerberos, openssl, cyrus-sasl and openldap all to be installed and configured so that I can have an integrated authentication and authorization setup (I also have to include samba in the mix somewhere, but that I think can be plugged in later). What kind of data should reside in what database and how do I configure the entire network to use this security setup (including Windows and Linux systems)?

You will certainly need Samba in order to integrate the Windows side, that or www.padl.com's XAD. XAD would be the easiest route as it already has all of the above pieces integrated for you.


Otherwise the best integrated setup uses Heimdal Kerberos with its KDC storing its data in slapd. Then all account administration can be done with one set of tools entirely in LDAP. (If you're not going to use XAD, the next easiest approach is to use Symas CDS, which has everything except Samba integrated already.) Doing the builds in the right order can be tricky since Cyrus SASL may have circular dependencies on LDAP, and OpenSSL may have circular dependencies on Kerberos (if you enable certain options). Probably this discussion is best left to the ldap-interop mailing list since it involves so many different pieces of software.

--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/