LDAP

Jason L Tibbitts III tibbs at math.uh.edu
Tue Mar 22 17:55:29 UTC 2005


>>>>> "CE" == Carwyn Edwards <carwyn at carwyn.com> writes:

CE> I agree though, the whole LDAP/Kerberos server side setup is far
CE> more fiddly than it needs to be atm.

And yet, having been through this myself, I can't see a general way to
make it much easier.  Maybe some automated setup could work for one
specific case (self-signed certificates, Kerberos server and LDAP
server on same machine, Kerberos realm same as domain name, no
replication, and a host of other simplifying assumptions).

Actually I found that Fedora was rather well prepared for this kind of
thing.  I didn't have to edit /etc/init.d scripts, which is a big
plus.  The only thing I really missed was more automatic support for
Kerberos database propagation.  LDAP was very clean, with slurpd
starting automatically after specifying a replogfile in slapd.conf.

It's going to be a complex system no matter how much automation anyone
does.  What's really needed is better documentation of how the pieces
are supposed to fit together.

 - J<



