LinuxQuestions.org
Old 09-22-2007, 01:40 PM   #16
cbonar
Member
 
Registered: Apr 2004
Location: Paris, FRANCE
Distribution: Ubuntu
Posts: 54

Rep: Reputation: 16

You can use Kerberos as the authorization backend for OpenLDAP (which you're probably going to use) : http://www.openldap.org/doc/admin23/...Authentication.
 
Old 09-23-2007, 03:59 AM   #17
factos
LQ Newbie
 
Registered: Sep 2007
Posts: 13

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by cbonar View Post
You can use Kerberos as the authorization backend for OpenLDAP (which you're probably going to use) : http://www.openldap.org/doc/admin23/...Authentication.
erm..mind elaborate more
what is authorization backend for OpenLDAP?

I have searched through the web about LDAP and I noticed there are different software about LDAP. Is LDAP = OpenLDAP??

Is it alright for me to just choose 1 LDAP software to download?

Is the libnss_ldap bundled together with the LDAP or I need to download separately??

thank u very much
thanks for all the help^^
 
Old 09-23-2007, 05:20 AM   #18
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
Quote:
Originally Posted by factos View Post
erm..mind elaborate more
what is authorization backend for OpenLDAP?
I don't know if that is quite right. There is a PAM kerberos library. And you can include the kerberosobject.schema in the slapd.conf file.
http://www.securityfocus.com/infocus/1427
The ldap config documentation referenced has a section on using Kerberos V.
http://www.openldap.org/doc/admin23/sasl.html
A backend for ldap would be a database that is used to store the information, such as mysql or Berkeley DB.
There isn't an nss library for kerberos because kerberos doesn't supply enough of the information that nsswitch would need.

Quote:
I have searched through the web about LDAP and I noticed there are different software about LDAP. Is LDAP = OpenLDAP??
http://www.securityfocus.com/infocus/1428
This page mentions a couple of commercial LDAP servers, like Novell's. It says that openLDAP is a little slower when doing simultaneous reads and writes. It might be that the others you mentioned are actually openldap but the package name doesn't reflect that.

Quote:
Is it alright for me to just choose 1 LDAP software to download?
That's up to you but the ldap server and client that your distro supplies will probably work better.
The GUI config tool for the LDAP server if any may assume you use openLDAP.

Quote:
Is the libnss_ldap bundled together with the LDAP or I need to download separately??
Not for SuSE linux. There is a separate nss_ldap package and a separate pam_ldap package.
The samba installation may install krb support, but when using ldap, they recommend installing the latest kerberos packages, which also are packaged separately, as in the krb5, krb5-client and pam_krb5 packages. Another Distro may package things separately.

One more link, which you probably have, is the OpenLDAP Administration Guide. It will certainly have better information than I can give you.
http://www.openldap.org/doc/index.html

Last edited by jschiwal; 09-23-2007 at 05:22 AM.
 
Old 09-23-2007, 08:48 AM   #19
factos
LQ Newbie
 
Registered: Sep 2007
Posts: 13

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by jschiwal View Post
I don't know if that is quite right. There is a PAM kerberos library. And you can include the kerberosobject.schema in the slapd.conf file.
http://www.securityfocus.com/infocus/1427
The ldap config documentation referenced has a section on using Kerberos V.
http://www.openldap.org/doc/admin23/sasl.html
A backend for ldap would be a database that is used to store the information, such as mysql or Berkeley DB.
There isn't an nss library for kerberos because kerberos doesn't supply enough of the information that nsswitch would need.

PAM kerberos library??
so now I have 2 Ubuntu laptops
1 will be the client, the other is the LDAP server
so I will be using PAM to authenticate from my client to my server
am i right to say so?

but in the other way I can use kerberos to authenticate from my client to the LDAP server?

so there will be 2 types of authentication??

things I need to install (for PAM and LDAP):
LDAP
separate nss_ldap package
separate pam_ldap package

what about the kerberos?

thanks for all the website that u guys have given to me.
thank u so much
 
Old 09-29-2007, 05:43 AM   #20
cbonar
Member
 
Registered: Apr 2004
Location: Paris, FRANCE
Distribution: Ubuntu
Posts: 54

Rep: Reputation: 16
Quote:
Originally Posted by factos View Post
PAM kerberos library??
so now I have 2 Ubuntu laptops
1 will be the client, the other is the LDAP server
so I will be using PAM to authenticate from my client to my server
am i right to say so?

but in the other way I can use kerberos to authenticate from my client to the LDAP server?

so there will be 2 types of authentication??
I'm not an expert there, but here's my understanding of your architecture.

For me there will not be two types of authentication, but only one : LDAP, which can use its own internal authentication mechanisms or alternatively use Kerberos as a backend for authenticating users. The front software and users will only see LDAP, they will not be aware if you're using Kerberos or something else in the background (I might be wrong since I didn't really dive into 'Kerberos with LDAP').

You have to remember that LDAP is basically a way to access structured data (LDAP = Lightweight Directory Access Protocol), its main goal is not authentication/authorization.

However, storing accounts in a LDAP database is common and many applications have a LDAP module to use it as an authentication system.

So you have to find, install and configure the ldap module for each application (http, ftp, ...), and the accounts will be stored in the LDAP database and so will be easily manageable.

For instance, via http you can use mod_ldap in apache to require users to authenticate through LDAP.
Through a Unix login, you can tell the PAM mechanism to use your ldap database (PAM = Pluggable Authentication Modules).
Etc.

I can't help you with the more technical stuff since I've limited myself to a very simple use of LDAP.

Good luck

Last edited by cbonar; 09-29-2007 at 05:48 AM.
 
Old 09-29-2007, 02:00 PM   #21
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
I thought that kerberos was a requirement you were given. It is commonly used for samba so that it can operate in a windows environment. However since you didn't mention samba, I don't think you really need it. Rely on PAM & LDAP. If you want to secure the channel between the host and the LDAP server, use SSL.
I think that would provide built-in authentication for the LDAP server, because your other laptop needs the correct certificate.

Using ldap & kerberos on such a small scale seems odd to me.
From what I read, there will normally be a primary and a backup ldap server. And possibly a separate mysql or other database server. However with only a handful of hosts, a database table backend ( such as lazycat) would suffice.

If you are set on kerberos authentication, look in the Samba 3 by Example and Samba 3 Howto & Reference books.

Last edited by jschiwal; 09-29-2007 at 02:07 PM.
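
The posts above settle on PAM plus LDAP with the client-to-server channel protected by SSL. This is an added example, not part of any post in the thread: a small audit of a client-side ldap.conf in the nss_ldap/pam_ldap keyword format, checking that bind passwords are not sent in cleartext and that the server certificate is verified. The host name, base DN and CA path are constructed placeholders.

```python
"""Audit an nss_ldap/pam_ldap style ldap.conf for transport weaknesses."""

# Constructed sample files; host name, base DN and CA path are placeholders.
WEAK_CONF = """\
uri ldap://ldap.example.test/
base dc=example,dc=test
ldap_version 3
tls_checkpeer no
"""

HARDENED_CONF = """\
uri ldap://ldap.example.test/
base dc=example,dc=test
ldap_version 3
ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/example-ca.pem
"""


def parse_conf(text):
    """Return {keyword: value}; keywords are lower-cased, '#' lines are comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        settings[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return settings


def audit_ldap_conf(text):
    """Return a list of findings; an empty list means these checks found nothing."""
    conf = parse_conf(text)
    findings = []
    uris = conf.get("uri", "").lower().split()
    ssl_mode = conf.get("ssl", "off").lower()
    cleartext = [u for u in uris if u.startswith("ldap://")]
    if cleartext and ssl_mode != "start_tls":
        findings.append("cleartext: %s without 'ssl start_tls'" % ", ".join(cleartext))
    if conf.get("tls_checkpeer", "").lower() == "no":
        findings.append("no-verify: 'tls_checkpeer no' accepts any server certificate")
    uses_tls = ssl_mode in ("start_tls", "on") or any(u.startswith("ldaps://") for u in uris)
    if uses_tls and not ("tls_cacertfile" in conf or "tls_cacertdir" in conf):
        findings.append("no-ca: TLS enabled but no tls_cacertfile/tls_cacertdir set here")
    return findings
```

The "no-ca" finding is advisory: when no CA is named in this file, verification falls back to whatever the system's libldap configuration provides.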
 
Old 10-18-2007, 05:06 AM   #22
factos
LQ Newbie
 
Registered: Sep 2007
Posts: 13

Original Poster
Rep: Reputation: 0
Got any Singaporean good in Ubuntu?
about the authentication between client and server
URGENT!!!!!
 
  

