[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
Kevin Tunison wrote: > > As for utilizing kerberos, you have more experience with it than me (I > have only implemented it the once thus far). I did this because the > reading I did included it, and it is included as an integral part of MS > domain/AD setups. So, I read a bit more, and it seems that the only > advantages I can find are that it's the "standard" for mixed domain > setups as far as MS is concerned ( > http://www.windowsecurity.com/articles/Kerberos-Authentication-Mixed-Windows-UNIX-Environment.html) > and extending trusts outside your network (also with MS Federated > Services in R2). In principal you can get single sign-on, rather than just a single username/password. But I'm not sure how far I can extend this. I've seen documentation suggesting Kerberos will work with SMTP AUTH and POP3 using dovecot/postfix/thunderbird|kmail|misc other MUAs, and obviously SMB with SAMBA, but as far as I know it doesn't work with Microsoft Outlook as the mail client?! So whilst there would be some advantages if it was free software everywhere, I think in other cases it makes my life harder (I'd have to have a different /etc/pam.d/{service} file for services that don't support kerberos, or need to support Kerberos plus another auth mechanism). But I'd like to have the time to work it through fully, and compare the two approaches for the software we have at work, which is probably fairly typical. - The Mailing List for the Devon & Cornwall LUG Mail majordomo@xxxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe. FAQ: www.dcglug.org.uk/linux_adm/list-faq.html