[Klug-general] Passwords

Peter Childs pchilds at bcs.org
Mon Sep 5 09:46:27 UTC 2011


On 5 September 2011 10:10, Laurence Southon <laurence at southon.uk.net> wrote:

> On 05/09/11 08:24, Peter Childs wrote:
> > Any ideas, I can't think of anything that fits the bill.
>
> LDAP?
>
> See the bottom of this page:
>
> http://wiki.debian.org/LDAP/PAM
>
> for how to store locally for when the server not available, though the
> other approach would be to have two LDAP servers and replicate.
>
> Not easy to implement, but a useful howto here:
>
> http://techpubs.spinlocksolutions.com/dklar/ldap.html
>
> HTH,
>
> LS
> --
> Laurence Southon
> Tiger Computing, Bexley
> www.tiger-computing.co.uk
>
> _______________________________________________
> Kent mailing list
> Kent at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/kent
>

Hmm quick lesson on LDAP docs.

Its more complicated than that.

LDAP is just a database, its a pain, badly documented etc etc etc (short
answer I hate it but that might be a personal view)

most LDAP based setups store there passwords in Kerberos and only the
user information (such as shell, name, and home directory stuff) actually in
LDAP although Kerberos can store its data in LDAP, which creates
an interesting loop.

Anyway it still fails when the network fails, or you password server is down
for what ever reason, true you can have Salves or a distributed database but
its not that easy under linux.

My current idea is to use Kerberos, but that still does not solve the user
information stuff,



Peter.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/kent/attachments/20110905/8e35467e/attachment.htm>


More information about the Kent mailing list