Re: Sparc Solaris NIS client Linux NIS server




"Menno Duursma" <menno@xxxxxxxxxxx> wrote in message
news:pan.2005.12.15.20.54.12.277965@xxxxxxxxxxxxxx
> On Wed, 14 Dec 2005 22:25:13 -0500, Nico Kadel-Garcia wrote:

>> fairly easy to integrate into quite a few setups.
>
> This way of integrating things doesn't look to me a very reliable one...
> Rather than do this you may want to consider using the SASL with GSS-API
> method for Kerberos authenticated LDAP.

I've had.... unfortunate adventures integrating Kerberos into mixed
networks. It got nasty, and I wound up finding one of the Kerberos authors
and having rude words with him about some of its sillier behavior. (The
compilation absolutely failed if your "`hostname`" was not a
fully-qualified hostname.) Getting the Active Directory administrators to
talk to me was even more painful.

>> I wish it were more standardized, but that seems to be evolving out of
>> its broad deployment in Linux.
>
> I'm pretty sure there are RFCs for all of this:
>
> RFC1520 -> Kerberos
> RFC1964 -> GSS-API
> RFC2222 -> SASL
> RFC2251 -> LDAP

RFCs are great. RFCs often fail to provide a graceful walk through the
minefields of compatibility. Take a look at the IMAP debates for examples of
how even a good RFC can fail to make clear important issues.

