[Fedora-directory-users] Question about Kerberos and FDS

Rich Megginson rmeggins at redhat.com
Tue Oct 18 03:45:43 UTC 2005 

speedy zinc wrote:

>Thanks for replying.
>
>--- Rich Megginson <rmeggins at redhat.com> wrote:
>
>  
>
>>>Or does that
>>>mean I need to setup a kerberos server and use RHDS
>>>      
>>>
>>as
>>    
>>
>>>the backend for user information?
>>> 
>>>
>>>      
>>>
>>Yes.  When you use kinit to acquire your ticket, you
>>can use that ticket 
>>to authenticate to the directory server.
>>
>>    
>>
>
>So, if I understand what you're saying, the directory
>server is acting as the TGS?
>  
>
No.  You have to set up the usual Kerberos TGS.  The directory server 
merely uses the tickets, like any other server/service.

>I'm going to setup a kerberos tonight. Which one works
>better with FDS? MIT or Heimdal?
>  
>
I'm not sure.  The instructions we have in our docs are geared towards 
MIT, but Heimdal may work just fine.

> 
>  
>
>>>And this one:
>>>- Impersonation (proxy) for multi-tier client
>>>applications.
>>>
>>>Could someone explain what does it mean and how can
>>>      
>>>
>>it
>>    
>>
>>>be used?
>>> 
>>>
>>>      
>>>
>>Sure.  This is most often used with web apps or
>>other apps that set up a 
>>pool of connections to the directory server.  Each
>>connection in the 
>>pool is bound as a proxy user.  When a real user
>>wants to authenticate, 
>>the proxy connection passes the real user's bind
>>credentials to the 
>>directory server using the proxy auth control.
>>
>>    
>>
>
>Oh, ok. I was thinking about something else :)
>  
>
It can also mean chaining.  You can set up the directory server to use 
another directory server as a database - what we refer to as a chaining 
backend or database in our docs.  The use of a directory server to act 
as a "front-end" to another directory server is also called a proxy.

>sz
>
>
>
>	
>		
>__________________________________ 
>Yahoo! Mail - PC Magazine Editors' Choice 2005 
>http://mail.yahoo.com
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users at redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>  
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3312 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20051017/62567edd/attachment.bin>

More information about the Fedora-directory-users mailing list