Differences between revisions 1 and 2
Revision 1 as of 2009-02-23 15:21:51
Size: 621
Editor: StevePomeroy
Revision 2 as of 2009-02-23 17:24:16
Size: 627
Editor: StevePomeroy
LDAP + Kerberos

LDAP and Kerberos together make for a great combination. Kerberos is used to manage credentials securely (authentication), while LDAP is used for determining criteria about the accounts, such as what they're allowed access to (authorization), and other account metadata. Most other LDAP setups involve storing passwords in the LDAP directory itself using the userPassword attribute, which is OK for a basic setup, but one can do better with just a little effort.
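
An added example, not part of the original wiki page: a small audit over an LDIF export that lists which entries still store a credential in userPassword and under which scheme, so those accounts can be identified before authentication is moved to Kerberos. The sample LDIF, the dc=example,dc=org suffix and the function names are constructed for illustration.

```python
import base64
import re

# Constructed sample data (not from the page). LDIF exports usually
# base64-encode userPassword, so one entry uses the "attr:: value" form.
SSHA_B64 = base64.b64encode(b"{SSHA}constructed-digest").decode()
SAMPLE_LDIF = f"""\
dn: uid=alice,ou=people,dc=example,dc=org
uid: alice
userPassword:: {SSHA_B64}

dn: uid=bob,ou=people,dc=example,dc=org
uid: bob
userPassword: secret123

dn: uid=carol,ou=people,dc=example,dc=org
uid: carol
memberOf: cn=wiki-editors,ou=groups,dc=example,
 dc=org
"""

def parse_ldif(text):
    """Yield (dn, {attr: [bytes, ...]}) per entry; handles folding and base64."""
    text = re.sub(r"\r?\n ", "", text)  # unfold continuation lines
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>"
                raw = base64.b64decode(value[1:].strip())
            else:
                raw = value.strip().encode()
            attrs.setdefault(name.lower(), []).append(raw)
        if "dn" in attrs:
            yield attrs["dn"][0].decode(), attrs

def password_scheme(value):
    """Return the {SCHEME} prefix of a userPassword value, or CLEARTEXT."""
    m = re.match(rb"\{([A-Za-z0-9-]+)\}", value)
    return m.group(1).decode().upper() if m else "CLEARTEXT"

def audit(text):
    """List (dn, scheme) for every credential stored in the directory."""
    return [(dn, password_scheme(v))
            for dn, attrs in parse_ldif(text)
            for v in attrs.get("userpassword", [])]

if __name__ == "__main__":
    for dn, scheme in audit(SAMPLE_LDIF):
        print(f"{dn}: userPassword stored in directory ({scheme})")
```

Entries that do not appear in the output, such as the constructed carol account, carry only authorization data and metadata in LDAP.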

Overview

This is a work in progress.

  1. Kerberos server
  2. Kerberos client
  3. LDAP Server
  4. PAM / NSS
  5. Apache