User Management: LDAP, AFS, Kerberos
Hi
I'm thinking about creating a centrally managed user and data system here. It
should use AFS (OpenAFS) as virtual filesystem and LDAP (OpenLDAP) as User
and Computer info Database. I tried this earlier but it ended in more than one
user database (LDAP and AFS (Kerberos 4)). I thought of using Kerberos 5 as
login and credentials manager because it's very secure. I am not sure if it is
possible for these three components (AFS, LDAP and Kerberos 5) to interact
together using LDAP as central infobase. M$ has managed to get that to work
with its AD and Login system and DFS, which is all Kerberos 5 based.
There are several issues which need to be thought about:
- Is there a need for Kerberos 5? Is LDAP over SSL not equally secure?
- Is there a possibility to trim OpenAFS to LDAP so that it does not use its own
user databases?
- If Kerberos 5 is needed, is there a way to trim it to LDAP?
The system should be the most secure and the most simple one :)). The more
complex a system gets the more points of attack there are.
RFC
cheers,
Raffaele
--
Raffaele Sandrini <rasa@gmx.ch>
Annoyed about M$ Windows? Don't worry. Try Linux! (www.linux.org)