[TriLUG] Info on trilug's single signon setup?

Turnpike Man turnpike420 at yahoo.com
Thu Nov 4 18:00:09 EST 2004


I would be VERY VERY interested in LDAP/Kerberos single sign-on course!!! 
Something to learn and understand in depth for the future when W2K w/ ADS
becomes out of date, I'll have something Linux based to replace it with!  :)

Thanks,
David M.

--- Tanner Lovelace <clubjuggler at gmail.com> wrote:

> On Thu, 04 Nov 2004 16:07:09 -0500, Mark Kempster <mark at kempster.org> wrote:
> [...]
> > That being said, I'm ready to graduate to something a bit more
> > industrial-strength. After some light reading, it seems that ldap
> > can be the foundation for some services (I'm interested mostly in
> > webdav, svn, ssh, imap, smtp). From the admin side, I'm looking for
> > a single method of authentication where users can manage their
> > own accounts (read: change their own passwords).
> > 
> > I _think_ Trilug's infrastructure went through something similar
> > (though presumably a bit more involved) with the single sign-on
> > infrastructure that was implemented.
> > 
> > http://www.trilug.org/pipermail/trilug/Week-of-Mon-20020729/009433.html
> > explains some of the reasoning.
> > 
> > Are there any Trilug resources (notes, presentations, config files)
> > around to shed light on the overall picture and the moving parts of
> > this infrastructure?
> 
> Mark,
> 
> As far as the single sign on is concerned, we pretty much implemented
> things exactly as described in the document "Replacing NIS with Kerberos 
> and LDAP" found at:
> 
> http://www.ofb.net/~jheiss/krbldap/
> 
> (as, in fact, that e-mail notes) That's actually the main reason it's never 
> been written up (since it was already done).
> 
> For the IMAP server I elected to go with a customized version of
> the Washington University IMAP server since documentation on it
> was more readily available and it was easier to setup than Cyrus.
> Over the last two years, however, the situation with Cyrus has gotten
> much better and if I were to setup the server today I would definitely
> use Cyrus instead of WU-Imap (in fact, over the past few weeks
> I did just that on a personal server and I can attest that Cyrus IMAP
> really rocks over WU-IMAP, even though I think the TriLUG Imap server
> is very good).   Setting up cyrus imap on debian or mandrake these
> days basically entails installing the provided packages and setting
> up the configuration files.  It's really quite simple.
> 
> > If not, is this the sort of topic good for a mini-course?
> 
> We have had presentations and mini-courses on just LDAP
> before, but never on a combined LDAP/Kerberos combination.
> I would be happy to put together a presentation on it, but it
> would probably be fairly similar to the above web page... :-/
> 
> I could also put together a presentation on IMAP servers
> and highlight the pros and cons of various different imap servers
> (currently I'd say the big ones are wu-imapd, cyrus, and dovecot).
> 
> Would anyone be interested in either of those?  It probably wouldn't
> be until next year, since I think we're booked for presentations
> through January.  If people would prefer a course on either of
> those we could probably do it sooner...
> 
> Cheers,
> Tanner
> -- 
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc
> 



		
__________________________________ 
Do you Yahoo!? 
Check out the new Yahoo! Front Page. 
www.yahoo.com 
 




More information about the TriLUG mailing list