[TriLUG] LDAP Question
lovelace at wayfarer.org
Tue Aug 20 14:25:43 EDT 2002
On Tue, 2002-08-20 at 14:12, Michael Alan Dorman wrote:
> Oh, yeah, I agree entirely. All my access in the project I'm working
> on is over localhost, and always will be, so I've been able to be not
> quite so diligent.
Yeah, if all your access is through localhost it's probably
pretty secure. But, if you're only working with one computer,
why bother using ldap? Why not just use the standard files?
> Did you find any particularly good source for Kerberos info? I've
> looked from afar for, well, _years_, and never found anything that
> seemed to remove the mystery---and I learned how to do OO-perl from
> the perl 5.001 manpages, so I'm not an idiot when it comes to
> comprehending documentation.
> Twisted, maybe, but not incapable. :-)
I found a few. Probably the best one is
http://www.ofb.net/~jheiss/krbldap/ Both the powerpoint and
the paper are really good. (Yeah, I know it has a powerpoint, but
it works real well with crossover office.) I've also got a couple
of other PDF files I can send you if you want (since I don't remember
their URLs. :-()
> I wasn't sure if you were intending to make a joke or not...
> Not a problem. It may actually take the weekend, we'll see.
Take a look at the libuser thing from my last message. It seems
to be an attempt to make standard user tools with pluggable back
> > Well, you could pull a source rpm from redhat, use rpm2cpio to
> > extract it and then tar/gunzip the source and look at what it does?
> Didn't quite make it to my last sentence, did we? :-)
Well, that's why I suggested using rpm2cpio which converts an
rpm to be a standard cpio file which can then be used with
tools in debian. And, I suggested getting the source from
redhat because I didn't know if Debian had anything equivalent.
The same probably goes with the libuser stuff. AFAIK, it appears
it was written by redhat, so I'm guessing it's not in Debian... yet.
> Actually, I found (on one of the redhat boxes I administer :-) an
> /etc/defaults/useradd that looks populated, and it should be a piece
> of cake to parse.
Okay, that would work too.
Right now, it seems our biggest problem with the ldap stuff
is getting the GSSAPI (Kerberos) authentication to work correctly.
Kerberos is set up and working for logging in, but there's something
not quite correctly set up with it and ldap (when modifying the
ldap database, that is). That's not as important, however, since
basic (non-sasl) authentication to ldap still works.
Tanner Lovelace | lovelace at wayfarer.org | http://wtl.wayfarer.org/
GPG Fingerprint = A66C 8660 924F 5F8C 71DA BDD0 CE09 4F8E DE76 39D4
GPG Key can be found at http://wtl.wayfarer.org/lovelace.gpg.asc
Si hoc legere scis, nimium eruditionis habes.