Here's the problem:
I've got a number of *nix machines that I work on often and each time I log on to each one of them, I have to enter my uid/pass for authentication. I have a couple of other people that do the same thing with unique uids/passes.
Here's what I'd like to be able to do:
Sign on to one computer once, then be authenticated to my network so that when I SSH to the other machines, I don't have to enter my uid/pass again.
Notes:
Each machine has the same user account, but each one has a different pass for the user account (for security purposes). The authentication method needs to be secure.
Anyone have a suggestion? I think I've read that Kerberos with LDAP might be able to solve this problem, but I'm not quite sure how it would work or if they are the right tools for the job. Thanks for your help.
You can do this with just Kerberos. You don't need LDAP, unless you want to automate maintaining /etc/passwd. Sounds like you don't have enough users to make LDAP worth the effort.
OpenSSH supports using Kerberos credentials to log in, and forwarding those credentials to the remote host (search for "GSSAPI" in the OpenSSH documentation for more details).
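An added example (not part of the original posts) of the OpenSSH GSSAPI settings the reply above points to, with a small check that both sides enable them. It assumes a working Kerberos realm and a host keytab on each server; the host pattern `*.example.internal` and the helper names are hypothetical.

```shell
#!/bin/sh
# Constructed config fragments for Kerberos single sign-on over SSH.

# Server side: lines for /etc/ssh/sshd_config on every machine you log in to.
sample_sshd_config() {
cat <<'EOF'
# Accept a Kerberos service ticket instead of a password
GSSAPIAuthentication yes
# Destroy any forwarded ticket cache when the session ends
GSSAPICleanupCredentials yes
EOF
}

# Client side: lines for ~/.ssh/config on the machine where you run kinit.
sample_ssh_config() {
cat <<'EOF'
Host *.example.internal
    GSSAPIAuthentication yes
    # Forwards your TGT so you can hop onward from the remote host.
    # Anyone with root there can use it: enable only for hosts you trust.
    GSSAPIDelegateCredentials yes
EOF
}

# get_opt KEYWORD: print the first value given for KEYWORD in the config on
# stdin. Keywords are case-insensitive. Simplification: "Keyword=value"
# syntax and Host/Match scoping are not interpreted.
get_opt() {
  awk -v k="$1" 'tolower($1) == tolower(k) { print tolower($2); exit }'
}

# sso_ready SERVER_CFG CLIENT_CFG: succeed only if both sides turn GSSAPI on.
# A missing line counts as "no", which is the upstream OpenSSH default.
sso_ready() {
  [ "$(printf '%s\n' "$1" | get_opt GSSAPIAuthentication)" = yes ] &&
  [ "$(printf '%s\n' "$2" | get_opt GSSAPIAuthentication)" = yes ]
}

if sso_ready "$(sample_sshd_config)" "$(sample_ssh_config)"; then
  echo "GSSAPI enabled on both sides: kinit once, then ssh without a password"
fi
```

On a live system, `sshd -T` and `ssh -G <host>` print the effective settings in the same keyword/value form, so their output can be piped into `get_opt` instead of the sample text.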
So why do people use LDAP if Kerberos alone will work? Does LDAP simply let you do the same thing on a larger level? Thanks!
LDAP is good for several things:
Keeping track of a bunch of data about people
Providing a central repository for data, that can be queried remotely
Generating other forms of the data (like passwd and group files)
Doing specific authorization for certain users (requires apps to understand LDAP)
So yes, LDAP is good for larger scale setups. Kerberos by itself just does basic authentication - a user can prove identity, but it doesn't say anything else about that user.
I have configured LDAP, and I do not know what the need is for having Kerberos authentication along with LDAP, and how to configure Kerberos authentication.