On Thu, 04 Nov 2004 16:07:09 -0500, Mark Kempster <[EMAIL PROTECTED]> wrote: [...] > That being said, I'm ready to graduate to something a bit more > industrial-strength. After some light reading, it seems that ldap > can be the foundation for some services (I'm interested mostly in > webdav, svn, ssh, imap, smtp). From the admin side, I'm looking for > a single method of authentication where users can manage their > own accounts (read: change their own passwords). > > I _think_ Trilug's infrastructure went through something similar > (though presumably a bit more involved) with the single sign-on > infrastructure that was implemented. > > http://www.trilug.org/pipermail/trilug/Week-of-Mon-20020729/009433.html > explains some of the reasoning. > > Are there any Trilug resources (notes, presentations, config files) > around to shed light on the overall picture and the moving parts of > this infrastructure?
Mark, As far as the single sign on is concerned, we pretty much implemented things exactly as described in the document "Replacing NIS with Kerberos and LDAP" found at: http://www.ofb.net/~jheiss/krbldap/ (as, in fact, that e-mail notes) That's actually the main reason it's never been written up (since it was already done). For the IMAP server I elected to go with a customized version of the Washington University IMAP server since documentation on it was more readily available and it was easier to setup than Cyrus. Over the last two years, however, the situation with Cyrus has gotten much better and if I were to setup the server today I would definitely use Cyrus instead of WU-Imap (in fact, over the past few weeks I did just that on a personal server and I can attest that Cyrus IMAP really rocks over WU-IMAP, even though I think the TriLUG Imap server is very good). Setting up cyrus imap on debian or mandrake these days basically entails installing the provided packages and setting up the configuration files. It's really quite simple. > If not, is this the sort of topic good for a mini-course? We have had presentations and mini-courses on just LDAP before, but never on a combined LDAP/Kerberos combination. I would be happy to put together a presentation on it, but it would probably be fairly similar to the above web page... :-/ I could also put together a presentation on IMAP servers and highlight the pros and cons of various different imap servers (currently I'd say the big ones are wu-imapd, cyrus, and dovecot). Would anyone be interested in either of those? It probably wouldn't be until next year, since I think we're booked for presentations through January. If people would prefer a course on either of those we could probably do it sooner... Cheers, Tanner -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
