On 04/27/2012 07:38 AM, "Paul DiSciascio" wrote:
> Hi,
> I'm in the early stages of a project to deploy a unix-only kerberos
> realm that will serve around 1000 unix servers. It's an MIT kerberos
> realm with the KDCs on SuSE Linux.
>
> Does anyone have any experience doing something like this? I'm trying
> to nail down some of the finer details of the design, for example:
>
> a. whether to use the traditional database backend or the ldap
> backend, and the replication implications of this decision.
> b. how to ensure users don't have problems with confusion between
> local credentials and kerberos credentials
> c. methods for allowing admins to log into servers for kerberos
> triage
> d. use of specific encryption types if I want to consider a trust
> with an AD realm some time down the road
>
>
> Any insight or advice is welcome.

You really want to look at FreeIPA, http://freeipa.org, particularly if you are implementing something from the ground up. If you want a supported version, it comes with the base subscription in RHEL6.

Cheers,
Brian

>
>
> ~Paul
>
>
> _______________________________________________
> Tech mailing list
> [email protected]
> https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
> This list provided by the League of Professional System Administrators
> http://lopsa.org/
