Re: Sparc Solaris NIS client Linux NIS server



On Wed, 14 Dec 2005 22:25:13 -0500, Nico Kadel-Garcia wrote:
> "Chris Cox" <ccox_nopenotthis@xxxxxxxxxxx> wrote in message

>> Ultimately, I use NIS much like LDAP. It holds account data.
>> Authentication is a different piece that can be handled in a plethora of
>> ways. I'm just pointing out that if you've got the dreaded Windows
>> beastie on the network, might as well use it for the auth piece.
>
> I can see that. I like LDAP now for avoiding dealing with the Windows
> authentication whackiness

As of NT5 it is just Kerberos. The only undocumented (and some say against
RFC1510) "extension" they really made is the PAC authorization field. But
for just authenticating against it you're not using that anyway (pam_krb5).

Samba can be a client to / member server of the MS-AD (which is
basically Kerberos authenticated LDAP) with winbind. However one need not
do this other than run "net join" once to create a machine account for
authentication only.

> and having a single-source of both the configuration data and the
> authentication,

This is bad thinking if you ask me. If one service happens to be
temporarily unavailable the other will be too in such a setup.

> fairly easy to integrate into quite a few setups.

This way of integrating things doesn't look to me a very reliable one...
Rather than do this you may want to consider using the SASL with GSS-API
method for Kerberos authenticated LDAP.

> I wish it were more standardized, but that seems to be evolving out of
> its broad deployment in Linux.

I'm pretty sure there are RFCs for all of this:

RFC1520 -> Kerberos
RFC1964 -> GSS-API
RFC2222 -> SASL
RFC2251 -> LDAP

--
-Menno.
