We are successfully using the PADL (Luke Howard) GSS-SASL plug-in for the iPlanet/SunOne Directory Server. We've been exceedingly pleased with the simplicity of setup and how well it works. And Luke has been *very* responsive whenever we have had any questions.
We also have Oracle working, though we haven't done any production-level work with it, yet. We're looking at the functionality of globally identified, Kerberos authenticated users that now exists in 10g. -- Tom Thomas A. La Porte, DreamWorks SKG <mailto:[EMAIL PROTECTED]> On Tue, 30 Mar 2004, Erik Arneson wrote: >On 29-Mar-2004, Brian Davidson <[EMAIL PROTECTED]> wrote: >> I'm curious how others have fared with things like: >> iPlanet/SUNOne LDAP,SMTP,IMAP and POP >> Oracle >> Email clients (which ones work for you) >> Various OSes such as: Solaris, Linux, Tru64, HP-UX, Microsoft >> Win-whatever, etc >> Any killer kerberized apps at your site > >We have OpenAFS, SMTP, IMAP, POP, PostgreSQL, CVS, and SSH all >Kerberized. As for email clients, Mail.app for OS X, Gnus (using imtest >From the Cyrus-IMAP distribution), mutt, and PINE all work great. I >don't know what the windows folks use. > >I also tend to use 'ksu' instead of 'sudo' to control user access to >other users. That's been working quite well for me. > >Here's one thing I don't have working yet, but haven't really sat down >to puzzle over: We have two KDCs. The master is behind our firewall on >a private network, but we have a slave on a public network. The only >way for users outside the private network (which is most of them) to >change their passwords is to shell into a machine that can reach the >private network somehow and run kpasswd from there. I'd like some way >for them to change their password remotely using kpasswd on public >workstations. Not sure how to work that one out yet. Any ideas? > > ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
