LinuxQuestions.org
05-16-2006, 09:54 AM   #1
labratmatt
LQ Newbie
 
Registered: Nov 2004
Location: The Matrix
Distribution: Gentoo, Redhat, OS X
Posts: 21

Rep: Reputation: 15
LDAP and Kerberos the right tools?


Here's the problem:
I've got a number of *nix machines that I work on often and each time I log on to each one of them, I have to enter my uid/pass for authentication. I have a couple of other people that do the same thing with unique uids/passes.

Here's what I'd like to be able to do:
Sign on to one computer once, then be authenticated to my network so that when I SSH to the other machines, I don't have to enter my uid/pass again.

Notes:
Each machine has the same user account, but each one has a different pass for the user account (for security purposes). The authentication method needs to be secure.


Anyone have a suggestion? I think I've read that Kerberos with LDAP might be able to solve this problem, but I'm not quite sure how it would work or if they are the right tools for the job. Thanks for your help.
 
05-16-2006, 01:24 PM   #2
ataraxia
Member
 
Registered: Apr 2006
Location: Pittsburgh
Distribution: Debian Sid AMD64
Posts: 296

Rep: Reputation: 30
You can do this with just Kerberos. You don't need LDAP, unless you want to automate maintaining /etc/passwd. Sounds like you don't have enough users to make LDAP worth the effort.

OpenSSH supports using Kerberos credentials to log in, and forwarding those credentials to the remote host (search for "GSSAPI" in the OpenSSH documentation for more details).
 
05-16-2006, 01:28 PM   #3
labratmatt
LQ Newbie
 
Registered: Nov 2004
Location: The Matrix
Distribution: Gentoo, Redhat, OS X
Posts: 21

Original Poster
Rep: Reputation: 15
So why do people use LDAP if Kerberos alone will work? Does LDAP simply let you do the same thing on a larger level? Thanks!
 
05-16-2006, 01:32 PM   #4
ataraxia
Member
 
Registered: Apr 2006
Location: Pittsburgh
Distribution: Debian Sid AMD64
Posts: 296

Rep: Reputation: 30
Quote:
Originally Posted by labratmatt
So why do people use LDAP if Kerberos alone will work? Does LDAP simply let you do the same thing on a larger level? Thanks!
LDAP is good for several things:
  • Keeping track of a bunch of data about people
  • Providing a central repository for data, that can be queried remotely
  • Generating other forms of the data (like passwd and group files)
  • Doing specific authorization for certain users (requires apps to understand LDAP)

So yes, LDAP is good for larger scale setups. Kerberos by itself just does basic authentication - a user can prove identity, but it doesn't say anything else about that user.
 
05-30-2006, 09:46 AM   #5
vinodkumarmj
LQ Newbie
 
Registered: May 2006
Posts: 4

Rep: Reputation: 0
I have configured LDAP and I do not know what the need is for having Kerberos authentication along with LDAP, or how to configure the Kerberos authentication.
 
  


All times are GMT -5. The time now is 10:11 AM.
