On Thu, 2007-07-05 at 12:45 -0600, Kenneth Burgener wrote:
> Michael L Torrie wrote:
> Correct me if I am wrong, but LDAP is simply an information storage
> service?  How would I go about using LDAP to do secure encrypted
> password authentication?

You're essentially correct.  LDAP by itself isn't technically enough, although as Dave mentioned, with SSL and TLS it's pretty secure.  LDAP when combined with Samba and Kerberos becomes a powerful solution.  Basically Samba stores its password hashes in LDAP (this will change in Samba 4 with ActiveDirectory and MS Kerberos compatibility), so it would need read access to those fields, but regular anonymous folks don't.  NSS-ldap brings in LDAP users as unix users (which only requires anonymous access) and then Kerberos provides authentication for unix machines.

> You wouldn't happen to know of any really good tutorials/"how to" for
> this, would you?

The Samba 3 howto has pretty good information on using Samba and LDAP together.  Also the original doc on all of this is from Turbo Fredricsson at http://www.bayour.com/Implementing_LDAPv3/Implementing_LDAPv3.html  Note that his new table of contents on this document is a pain.  You have to click on the chapter headings themselves.

> Thanks,
> Kenneth

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
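
The access split described in the message above (Samba may read the password-hash fields, anonymous clients may not, nss_ldap needs only anonymous reads), sketched as OpenLDAP `slapd.conf` access rules. This is an added example, not part of the original post; the suffix `dc=example,dc=org` and the service DN are assumptions, and the hash attribute names are those of the Samba 3 LDAP schema.

```conf
# Added example, not from the original post.
# Assumed names: suffix dc=example,dc=org and a dedicated Samba service
# entry cn=samba,ou=services,dc=example,dc=org.

# Require TLS/SSL protection (at least 128-bit) for every operation,
# so hashes and bind passwords never cross the wire in the clear.
# nss_ldap and Samba must then be configured to connect with TLS as well.
security ssf=128

# slapd stops at the first matching "access to" clause, so the narrow
# rule for password material has to come before the catch-all.
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
    by dn.exact="cn=samba,ou=services,dc=example,dc=org" read
    by anonymous auth
    by * none
# "auth" lets an unauthenticated client bind against userPassword
# without being able to read it; drop that line if Kerberos is the
# only authentication path.

# Everything else (uid, uidNumber, gidNumber, homeDirectory, ...) is
# readable anonymously, which is all nss_ldap needs to map LDAP
# entries to unix users.
access to *
    by * read
```

An anonymous search for `sambaNTPassword` against a server configured this way should return entries without that attribute, which is a quick way to confirm the first rule is in effect.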
