[TriLUG] Info on trilug's single signon setup?
Tanner Lovelace
clubjuggler at gmail.com
Thu Nov 4 16:32:28 EST 2004
On Thu, 04 Nov 2004 16:07:09 -0500, Mark Kempster <mark at kempster.org> wrote:
[...]
> That being said, I'm ready to graduate to something a bit more
> industrial-strength. After some light reading, it seems that ldap
> can be the foundation for some services (I'm interested mostly in
> webdav, svn, ssh, imap, smtp). From the admin side, I'm looking for
> a single method of authentication where users can manage their
> own accounts (read: change their own passwords).
>
> I _think_ Trilug's infrastructure went through something similar
> (though presumably a bit more involved) with the single sign-on
> infrastructure that was implemented.
>
> http://www.trilug.org/pipermail/trilug/Week-of-Mon-20020729/009433.html
> explains some of the reasoning.
>
> Are there any Trilug resources (notes, presentations, config files)
> around to shed light on the overall picture and the moving parts of
> this infrastructure?

Mark,

As far as the single sign on is concerned, we pretty much implemented
things exactly as described in the document "Replacing NIS with Kerberos
and LDAP" found at:

http://www.ofb.net/~jheiss/krbldap/

(as, in fact, that e-mail notes). That's actually the main reason it's never
been written up (since it was already done).

For the IMAP server I elected to go with a customized version of
the Washington University IMAP server since documentation on it
was more readily available and it was easier to set up than Cyrus.
Over the last two years, however, the situation with Cyrus has gotten
much better and if I were to set up the server today I would definitely
use Cyrus instead of WU-IMAP (in fact, over the past few weeks
I did just that on a personal server and I can attest that Cyrus IMAP
really rocks over WU-IMAP, even though I think the TriLUG IMAP server
is very good). Setting up Cyrus IMAP on Debian or Mandrake these
days basically entails installing the provided packages and setting
up the configuration files. It's really quite simple.

> If not, is this the sort of topic good for a mini-course?
We have had presentations and mini-courses on just LDAP
before, but never on a combined LDAP/Kerberos combination.
I would be happy to put together a presentation on it, but it
would probably be fairly similar to the above web page... :-/
I could also put together a presentation on IMAP servers
and highlight the pros and cons of various different IMAP servers
(currently I'd say the big ones are wu-imapd, Cyrus, and Dovecot).
Would anyone be interested in either of those? It probably wouldn't
be until next year, since I think we're booked for presentations
through January. If people would prefer a course on either of
those we could probably do it sooner...
Cheers,
Tanner