On Thu, 22 Jun 2006 21:22:53 +0200, Sebastian Hanigk <[EMAIL PROTECTED]> wrote:
>[EMAIL PROTECTED] (Nod) writes: > >Hello, > >>>To elaborate just a bit: Kerberos allows the server to believe that it is >>>talking to a particular Kerberos principal, which is a point in a >>>namespace entirely separate from the account space the host itself. The >>>decision of what, if any, local resources to allow this principal access >>>to is a separate matter. With SSH, you are asking for access to a >>>resource (account) that doesn't exist. It doesn't matter who you're >>>authenticated as; there's nothing to give you. >> >> Well, this makes a lot more sense now. Would you happen to know where >> I could find a good guide for integrating LDAP with ssh? I've been >> over a bunch of them, and just keep getting more confused by LDAP the >> more I read. > >you don't have to use LDAP for the accounts service; you can >authenticate via Kerberos and then use the /etc/passwd > >Regards, > >Sebastian Indeed, but I'm trying to avoid deploying updated passwd files to 100+ servers. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
