Hi Petter, hi Moritz, On Mi 21 Aug 2013 20:30:06 CEST Petter Reinholdtsen wrote:
The goal is to migrate everything to Kerberos, but we have not had time to figure out how to do this with all the services provided by Debian Edu yet.
Authenticating LDAP bind via Kerberos is feasible and easy to set up. That will come for D-E jessie (i.e. post-wheezy).
What is not possible is using Kerberos as a Samba Authentication backend. We could start playing with Samba4 and activating AD in Samba, but then we need a replacement for GOsa² that knows how to maintain an Active-Directory-like LDAP data information tree. So, this is very unlikely to come within the next decades ;-) (though you never can be sure!!!).
i ask because that could cause a problem with my migrating pasaworshashes from older skole versions.It will. The olds hash is only usable for LDAP bind and Samba, while login now require Kerberos info.
The password sync'ing currently is provided via GOsa² password changes and via password changes through Samba (Ctrl+Alt+Del -> Change password on Windows machines).
We still need to establish a cmdline replacement that works via PAM. (see [1]).
Mike [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704461 -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
Attachment:
pgpdh5SAPrL6v.pgp
Description: Digitale PGP-Unterschrift