On August 27, 2015, Clint Savage wrote:

> Haha. Becoming? No. It's the standard, and has been the standard for many
> years.

Well, since I've been out of circulation for several years I probably would have missed the ascendancy. So cut me a little slack, okay? I'm playing catch-up here!

> If you are still here trying to solve what essentially looks to me like an
> identity management problem (or IdM as red hat likes to call it), I highly
> recommend FreeIPA. It handles kerberos, pam, samba, and NFS
> authentication/authorization with ease. It also allows for radius and totp
> auth.

Can't say I've heard of totp. What's that?

As for the rest, that's certainly handy. I'll still need to understand other things like ldap though, unless you're telling me that FreeIPA stores it all in a *SQL database? Didn't think so.

So if FreeIPA writes to a kerberos database (for want of a better term off my head), I will still need LDAP or something similar to hook into my Mail Daemons (exim & courier) so that they can read the user information. Last I heard, neither was capable of obtaining authorization from Kerberos. Now, if they in fact CAN read directly from Kerberos, that makes it a bit easier, but I don't recall Kerberos being supported off my head.

Now if FreeIPA handles the LDAP portion too, then that's good. I just need to understand how it stores the information and then understand how to write an LDAP query.

> But if you want to go back to debating the efficacy of kerberos and pam,
> I'm sorry but you are doing it wrong. This isn't an opinion, it is a proven
> mechanism and should be given great credit. It's much of why the security
> of *nix systems has been better than others for so long.

Hey, hey, hey. Slow down. First, I wasn't arguing ANYTHING. I SAID I wanted to learn more because I wanted to understand it, NOT because I was trying to say it wouldn't work! Second, as I just said above, I've been out of circulation for many years now (nearly 10 years in fact!) so what's current is still very new to me! So cut me a LITTLE slack!

All I've said is that I'm used to using *sql databases and they have always worked for me. I most certainly did NOT say that I would not consider anything else! Nor did I try to say that my way was better than any other way! The whole POINT of this topic was that I was trying to LEARN good ways to handle this! Good grief!

I will look at FreeIPA, but don't snap my head off!

--- Dan

On Thu, Aug 27, 2015 at 6:23 AM, Clint Savage <[email protected]> wrote:
>
> And if Kerberos is becoming the de facto standard these days I guess I
> need to read up on it.
>
> Haha. Becoming? No. It's the standard, and has been the standard for many
> years.
>
> I'll see if I can't find a good book or two on the system.
>
> If you are still here, trying to solve what essentially looks to me like an
> identity management problem (or IdM as red hat likes to call it), I highly
> recommend FreeIPA. It handles kerberos, pam, samba, and NFS
> authentication/authorization with ease. It also allows for radius and totp
> auth.
>
> But if you want to go back to debating the efficacy of kerberos and pam,
> I'm sorry but you are doing it wrong. This isn't an opinion, it is a proven
> mechanism and should be given great credit. It's much of why the security
> of *nix systems has been better than others for so long.
>
> Have a nice day.
>
> herlo
>
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */
