When you start talking about "single sign on", well, you're opening a can of worms - just cuz there's a lot of opinions and methods to do so. But from what I've seen none of them are really simple.
Sure the MS domain model can be done (via Samba even), but I think any sys admin that has been dealing with MS domains for more than a couple workstations can attest to the fact that it's sometimes not so simple and can get downright ugly. But, LDAP seems to be central to most of the single sign on methods I've heard about. So, if you did that, you also get the other things LDAP brings to the table for you (contact management, resource management, etc., if you wanted them). But LDAP is NOT simple. At least not "point 'n click" simple. You're really talking about two different topics here. First is file sharing, and the various methods this may be done. Second is authentication (via the single sign on). They are related in that you only want authenticated/authorized people accessing your files. But the file sharing method you choose does not necessarily dictate the authentication method you use. If you find a nice easy way of doing both, let us know. Better yet, a presentation would be in order... :) Shawn Ian Bruseker wrote: > On 6/26/07, Gustin Johnson <[EMAIL PROTECTED]> wrote: >> I use samba/cifs for pretty much all file sharing these days. smb4k is >> handy for browsing for shares on any given network. On my own lan I >> simply have entries in my /etc/fstab for mounting the usual shares, with >> user names and passwords in a credentials file. >> > Ya, and for a small network (I'm talking 4 computers at home, > including the IPCop box) that's cool. I was just pondering how one > would do it in a bigger network, where you don't know every computer's > name and IP by heart. ;-) > >> Single sign on would likely come from kerberos, just as it does in the >> Windows world (Active Directory). Of course your server services would >> need to support kerberos (samba and ssh do). I used to have kerberos >> authenticating samba and ssh, before I reduced the number of machines in >> my lan to 3, which makes that a ridiculously overpowered solution. >> > This gets me to thinking, does LDAP fit into this somehow? I know > it's something AD does. I'm wondering, how does one centrally manage > the user accounts? > > Ian > > _______________________________________________ > clug-talk mailing list > [email protected] > http://clug.ca/mailman/listinfo/clug-talk_clug.ca > Mailing List Guidelines (http://clug.ca/ml_guidelines.php) > **Please remove these lines when replying _______________________________________________ clug-talk mailing list [email protected] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
