Hi. Thank you all for the good advice. Now I just have to decide how to proceed...

2014-02-18 1:59 GMT+02:00 Paul Robert Marino <[email protected]>:

> TLS/SSL won't work correctly if you use the /etc/hosts file. That is the
> real constraint with LDAP and DNS.
> But it's not that severe: all you need to be able to do is forward and
> reverse lookup the host name and match it to the IP address.
> You do not really need the SRV records. As long as the name in the cert
> matches the DNS A record for the hostname(s) and the reverse lookup of the
> resulting IP also matches the hostname(s) in the cert you are good.
>
> One other option is you don't really need the passwords in the LDAP
> database; you can put it in Kerberos, then you don't have to worry about
> clear text passwords at all and there are no DNS requirements.
>
> It takes about 15 minutes to set up a Kerberos server and only about an
> hour to set up 389 server (a.k.a. Red Hat Directory Server a.k.a. Netscape
> Directory Server) from scratch to use Kerberos Auth.
> Then on your client configs you specify the IP addresses instead of the
> host names.
>
> -- Sent from my HP Pre3
>
> ------------------------------
> On Feb 17, 2014 9:09, Tam Nguyen <[email protected]> wrote:
>
> If you wanted to avoid DNS, then you can *temporarily* achieve that on RH
> Identity Management by updating the /etc/hosts files on the server and
> client nodes.
>
> -Tam
>
> On Mon, Feb 17, 2014 at 6:57 AM, צביקה הרמתי <[email protected]> wrote:
>
>> Hi.
>>
>> I want to have several hosts, sharing the same Users Accounts database.
>> i.e., user "John" will be able to seamlessly login to host1 or to host2,
>> without having to manually config "John"'s credentials onto each machine.
>> Nothing more than that...
>>
>> LDAP seems like the solution, however, I tried to find an easy tutorial
>> and understood that maybe it's a little bit overkill for my humble
>> requirements.
>>
>> I've read about RH Identity Management (
>> https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/index.html
>> )
>> It seemed interesting; but its DNS requirements are a little bit too
>> complicated for scenario (having the IDM server's public IP properly
>> configured DNS record).
>>
>> Am I missing something?
>> There must be simpler way...
>>
>> Thanks,
>> Zvika
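
The condition described in Paul Robert Marino's quoted reply (the certificate name matches the forward lookup, and the reverse lookup of the resulting IP is also a name in the certificate) can be checked before pointing clients at the directory server. This is an added example, not part of the original thread: the `check_host` helper, the host names and the addresses are constructed for illustration, and the certificate names are passed in as a list rather than read from a live server.

```python
import socket

def name_matches(cert_name, host):
    """Case-insensitive DNS name match; a leading '*' covers exactly one label."""
    c = cert_name.rstrip(".").lower().split(".")
    h = host.rstrip(".").lower().split(".")
    if len(c) != len(h):
        return False
    return (c[0] == "*" or c[0] == h[0]) and c[1:] == h[1:]

def system_forward(host):
    """Forward lookup through the system resolver (DNS or /etc/hosts)."""
    try:
        return socket.gethostbyname_ex(host)[2]
    except OSError:
        return []

def system_reverse(ip):
    """Reverse lookup: primary name plus aliases, or [] if none exists."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name] + aliases

def check_host(host, cert_names, forward=system_forward, reverse=system_reverse):
    """Return a list of problems; an empty list means all three views agree."""
    problems = []
    if not any(name_matches(c, host) for c in cert_names):
        problems.append(f"{host}: not among certificate names {sorted(cert_names)}")
    ips = forward(host)
    if not ips:
        problems.append(f"{host}: no forward (A) record")
    for ip in ips:
        ptr = reverse(ip)
        if not ptr:
            problems.append(f"{ip}: no reverse (PTR) record")
        elif not any(name_matches(c, p) for c in cert_names for p in ptr):
            problems.append(f"{ip}: reverse name {ptr} not covered by certificate")
    return problems

# Constructed sample data: example.test names and RFC 5737 documentation addresses.
SAMPLE_A = {"ldap1.example.test": ["192.0.2.10"], "ldap2.example.test": ["192.0.2.11"]}
SAMPLE_PTR = {"192.0.2.10": ["ldap1.example.test"], "192.0.2.11": ["host-11.isp.example.test"]}
SAMPLE_CERT = ["ldap1.example.test", "ldap2.example.test"]

if __name__ == "__main__":
    for host in SAMPLE_A:
        result = check_host(host, SAMPLE_CERT, lambda n: SAMPLE_A.get(n, []),
                            lambda i: SAMPLE_PTR.get(i, []))
        print(host, result or "OK")
```

Called without the last two arguments, `check_host` uses the system resolver, so it reports what a client on that machine would actually see.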
