Quote:
Originally Posted by factos
PAM kerberos library??
so now i have 2 Ubuntu laptop
1 will be the cient the other is LDAP sever
so i will using PAM to authenticate from my client to my server
am i right to say so?
but in the other way i can use kerberos to authenticate from my client to the LDAP server?
so there will be 2 types of authentication??
|
I'm not an expert there, but here's my understanding of your architecture.
For me there will not be two types of authentication, but only one : LDAP, which can use its own internal authentication mecanisms or alternatively use Kerberos as a backend for authenticating users. The front software and users will only see LDAP, they will not be aware if you're using Kerberos or something else in the background (I might be wrong since I didn't really dive into 'Kerberos with LDAP').
You have to remember that LDAP is
basically a way to access structured data (LDAP = Lightweight Directory Access Protocol), it's main goal is not authentication/authorization.
However, storing accounts in a LDAP database is common and many applications have a LDAP module to use it as an authentication system.
So you have to find, install and configure the ldap module for each application (http, ftp, ...), and the accounts will be stored in the LDAP database and so will be easily manageable.
For instance, via http you can use mod_ldap in apache to require users to authenticate through LDAP.
Through a Unix login, you can tell the PAM mecanism to use your ldap database (PAM = Pluggable Authentication Modules).
Etc.
I can't help you with the more technical stuff since I've limited myself to a very simple use of LDAP.
Good luck