Matt Benjamin <[EMAIL PROTECTED]> wrote: >> Kerberos is fully wired into Linux distributions, is already used at large sites, and is increasingly widely used outside its traditional base. <<
I hear you, Matt, but in my travels (Europe, Australasia), I'm not seeing any Kerberos implementations in production. Admittedly, I haven't been asking people "Do you use Kerberos", but in discussions about single-sign-on authentication, it's never come up, either.The lack of popularity might be down to the old export controls. (In fact, I few years ago, when I went to the MIT Kerberos site to download source, I was denied access, since my IP address was outside the US - and this was *after* the export restrictions were removed!). I'd really like to have some objective measure of how widely Kerberos is actually used. The fact that *I* use something, and think everyone else ought to, too, doesn't make it a compelling topic for a certification exam. >> The original task suggestion (as I saw it on this list) did cover one aspect of LDAP integration, ie SASL. Other kinds of LDAP integration, apart from "join MS AD domain using Samba" would I think be more prescriptive than descriptive, though maybe there could be tasks that require understanding of the relation between LDAP notions of user accounts (ie, posixaccount) or just people (eg, person, inetorgperson) and Kerberos principals? That would be universally applicable. (Noting that some very large sites that use both LDAP and Kerberos, don't publish Unix user accounts from LDAP, for a variety of reasons, while others do.) << Agreed; though I suspect that LDAP could make a certification exam all of its own [glances at fat manila folder full of LDAP HOW-TO's, pages on authentication modules, etc]. Best, --- Les Bell, RHCE, CISSP [http://www.lesbell.com.au] _______________________________________________ lpi-examdev mailing list [EMAIL PROTECTED] http://list.lpi.org/mailman/listinfo/lpi-examdev
