[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Kerberos Integration (Was: Fedora Crypto Consolidation Project)

On Sat, 2007-09-01 at 21:59 -0600, Jerry James wrote:

> Let me tell you my experience.  Around the first of this year, I
> decided to use kerberos+ldap to manage the machines in my research
> lab.  After spending hours reading documentation and experimenting
> with kerberos and ldap separately, I got everything configured.  It
> was only then that I discovered that libuser doesn't support
> kerberos+ldap.

James, I made some patches to make libuser a bit more friendly to
SASL/GSSAPI recently, but the problem with libuser is that it is built
around the /etc/passwd and its 5 fields |(+ shadow and its few more
fields) only.
Libuser lacks the breadth to manage anything based on ldap, which is
extensible and more complex even with the current very basic
objectClasses available.

In FreeIPA we are try to come up with better tools to deal with the
specifics of an extensible infrastructure.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]