[Klug-general] Kerberos
nic dan
dungeons88 at hotmail.com
Fri Apr 29 11:16:31 UTC 2011
Sorry Peter, don't know Kerberos at all, but found this
http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-samba-servers.html
which shows smb.config and Samba security setup and use of kinit to start Kerberos
and Kerberos deployment guide
http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-kerberos.html
...and this, which relates to your previous request, and may help understand some of the easy bits
http://www.steve-lacey.com/2006/11/linux_as_a_wind
HTH
Aitch
-----------------------------------------------------------------------------------------------------------------------
> Date: Thu, 28 Apr 2011 19:10:34 +0100
> From: pchilds at bcs.org
> To: kent at mailman.lug.org.uk
> Subject: [Klug-general] Kerberos
>
> Let me get this right.
>
> Kerberos is a protocol for transferring security details a bit like
> ssh private/public keys.
>
> Kerberos has its own password file to store its passwords in. You can
> store them elsewhere but this is not normal.
>
> LDAP is often used to store the rest of the account details in such as
> default shells, home directories etc etc. LDAP can use Kerberos to
> store its security data.
>
> In effect Kerberos is a network replacement for the /etc/shadow file and
> is attached to PAM.
>
> LDAP is a replacement for the nsswitch and is used to replace the
> /etc/passwd file which does not store passwords anymore anyway.
>
> Hence you actually end up with two user databases, one in Kerberos and
> one in LDAP which means some database duplication and need to keep
> both user lists in sync....
>
> There is also no reason to need to use LDAP with Kerberos; you could
> use Kerberos with PostgreSQL if you like.
>
> You can also tell Kerberos to store its passwords in LDAP but that
> means LDAP can't use Kerberos to do its security because you would
> then have a circular dependency.
>
> Kerberos and LDAP are used by SAMBA and need to be set up correctly if
> you want to run a PDC with anything less than the simplest of settings
> or want Samba to look like an Active Directory.
>
> Or am I completely up a tree and confused...
>
> Peter.
>