Hi Greg, I think you're a bit mixed up.

> So, what do people use?
>
> * Active Directory
> * Apache Directory http://directory.apache.org/
> * Kerberos, LDAP, NTP, DNS and Samba

Active Directory is the Microsoft solution for SSO, and it incorporates an LDAP server, Kerberos and DNS. So it's not as if you choose to use either LDAP or AD, since AD has some sort of LDAP baked right in.

The Apache Directory server is just another LDAP server implementation. It's a competitor to OpenLDAP, 389 Directory Server (the successor to Fedora DS which was the successor to Red Hat DS which was derived from Netscape DS), etc. Novell and Sun both have LDAP servers too. There are others.

Samba is just a file serving product and doesn't have anything to do with SSO per se. You can just as easily drop in NFS/AFS/AFP/etc depending on what your requirements are.

Generally speaking, most of the SSO products use an LDAP server to store user account data and then use Kerberos to do the actual authentication. You can put the user's password in the LDAP server, and then your services would all auth against LDAP. There are pros and cons to that approach. Kerberos lets your user auth once and get a "ticket granting ticket" that lets them auth against other services without re-entering their password. It's heavily dependent on the machines having the correct time, so an NTP server is a common component in SSO products. DNS is also frequently bundled in, since Kerberos is finicky about hostnames and reverse DNS, and you can publish information about your LDAP and Kerberos servers in DNS for the clients to discover.

I evaluated a few SSO solutions about a year ago, and it seemed like some variation of the above services was how most of them were implemented.

> * freeIPA (http://freeipa.org/page/Main_Page) which packages Fedora,
> Fedora Directory Server, Kerberos, NTP, DNS

This is what I ended up running. More in another email.

-ben -- it is important to use your hands; this is what distinguishes you from a cow or a computer operator. <paul rand>
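
The clock and DNS dependencies described in the message above, as an added example that is not part of the original email: an offline Python preflight over constructed records for a hypothetical domain example.test. All host names, addresses and function names are assumptions; the 300-second limit is the default clock-skew tolerance in MIT Kerberos.

```python
MAX_SKEW = 300  # seconds; the default clock-skew tolerance in MIT Kerberos

# Constructed sample data for a hypothetical domain example.test (not real records).
SRV = {  # SRV owner name -> [(priority, weight, port, target)]
    "_kerberos._udp.example.test": [(0, 100, 88, "kdc1.example.test")],
    "_kerberos._tcp.example.test": [(0, 100, 88, "kdc1.example.test")],
    "_ldap._tcp.example.test": [(0, 100, 389, "ldap1.example.test")],
}
A = {"kdc1.example.test": "192.0.2.10", "ldap1.example.test": "192.0.2.11",
     "web1.example.test": "192.0.2.20"}
PTR = {"192.0.2.10": "kdc1.example.test", "192.0.2.11": "ldap1.example.test",
       "192.0.2.20": "www.example.test"}  # mismatch: reverse name differs
OFFSET = {"kdc1.example.test": 0.0, "ldap1.example.test": -1.5,
          "web1.example.test": 412.0}  # seconds of clock offset from the KDC

REQUIRED_SRV = ("_kerberos._udp", "_kerberos._tcp", "_ldap._tcp")


def skewed_hosts(offsets, limit=MAX_SKEW):
    """Hosts whose clock differs from the KDC by more than the tolerance."""
    return sorted(h for h, off in offsets.items() if abs(off) > limit)


def reverse_mismatches(a, ptr):
    """Hosts whose address has no PTR record or a PTR naming a different host."""
    return sorted(h for h, ip in a.items() if ptr.get(ip, "").lower() != h.lower())


def srv_problems(srv, a, domain):
    """Required SRV names that are missing or point at a target with no A record."""
    problems = []
    for prefix in REQUIRED_SRV:
        name = f"{prefix}.{domain}"
        records = srv.get(name, [])
        if not records:
            problems.append(f"{name}: missing")
        problems += [f"{name}: target {t} has no A record"
                     for _, _, _, t in records if t not in a]
    return problems


def preflight(domain="example.test"):
    """Run all three checks over the constructed data above."""
    return {"clock_skew": skewed_hosts(OFFSET),
            "reverse_dns": reverse_mismatches(A, PTR),
            "srv": srv_problems(SRV, A, domain)}


if __name__ == "__main__":
    for check, findings in preflight().items():
        print(check, "->", findings or "ok")
```

In the constructed data, web1 fails both the skew and the reverse-DNS check, which are the two conditions the message names as common causes of Kerberos trouble.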