Re: About how to protect network resources in LDAP environment?
On Sat, Aug 28, 2010 at 11:08 AM, Boyd Stephen Smith Jr.
<bss@iguanasuicide.net> wrote:
>
>>(2) Or we need to change to use Kerberos instead of LDAP/PAM?
>
> I believe you can do "just" your NFS authentication with Kerberos and continue
> using LDAP/PAM for most authentication; I have not tried that though.
Yes and no. Technically, you can continue using pam_ldap module. But
that means your users will have two passwords - one in LDAP and one in
Kerberos, which is no a good idea. You can just replace pam_ldap
module with pam_krb5 module in your pam stack and users should not
feel the difference really (Plus you'll get bonuses like
single-sign-on (SSO) for various network services like SSH).
--
Zaar
Reply to: