[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Segmentation fault
I think I have crashed my LDAP, it was running without authentication
configuration, but it gives me 'Segmentation fault' now. Any idea? O, I
was doing Pam and NSS ldap configuration before it happened, now I
cannot start LDAP.
Thanks
Cody
-----Original Message-----
From: Alan Sparks [mailto:asparks@doublesparks.net]
Sent: Wednesday, June 25, 2003 11:31 AM
To: codywang@clunet.edu
Subject: RE: How to Confuse SSO
I don't have a lot of info wrt Kerberos as I do not use them. If you
have Kerberized client software, the LDAP server can be used as a
Kerberos client and as a user data repository. Kerberos will help
implement an SSO model where you issue a password once on the network,
again presuming every tool you use is Kerberos-aware. We use the
unified account model here, you have to issue the password on each
machine login, but it's the same on all machines. I think Kerberos is a
hard thing to get into, IMHO.
The RPMs are the easiest way. Installing the RPMs you also get the
needed ldap.conf file, and the modified /etc/pam.d/ files for tying
logins to the LDAP service. The downloads from padl are fine, you'll
just have to figure them out.
There's a tool shipped with RedHat (authconfig) that can be used to set
up the system for LDAP authentication. -Alan
cody wang said:
> Thanks for you information.
>
> Does RPMs mean only can be install from CD or I can use download gz or
> tar files from padl.com for pam_ldap?
>
> So, I can just use Open LDAP/pam_ldap/nss_ldap to do a single
> username/password across a group of machines? Do they need to retype a
> same password for different machines?
>
> What can Kerberos 5/Cyrus-sasl/Berkeley DB do for SSO if I add them
> later?
>
> Thanks
> Cody
>
>
>
> -----Original Message-----
> From: Alan Sparks [mailto:asparks@doublesparks.net]
> Sent: Wednesday, June 25, 2003 11:01 AM
> To: codywang@clunet.edu
> Cc: openldap-software@OpenLDAP.org
> Subject: Re: How to Confuse SSO
>
>
> You can install the pam_ldap and nss_ldap RPMs to implement a unified
> single password scheme. If you want to log into one machine and
> expect to reconnect without retyping passwords, you'll probably need
> Kerberos. If you simply want a single username/password across a group
> of machines, pam_ldap/nss_ldap and OpenLDAP is good enough.
>
> SSL/TLS is not strictly necessary, but you quite well may want it to
> protect client to directory communication during password checks.
>
> -Alan
>
> cody wang said:
>> Hi
>>
>> I want to set-up Single Sign On (SSO) solution on Redaht Linux.
>> However, I have read many web site reference that use different
>> application so I am confused which on can be used for SSO?
>>
>> Do I need configure all of them? Do I really need Kerberos 5? Do I
>> still miss something? Is TLS/SSL nessary for SSO?
>>
>> Kerberos 5/Cyrus-sasl/Open LDAP/Berkeley DB/pam_ldap/nss_ldap
>>
>>
>> Thanks
>> Cody
>
>
> ===========
> Alan Sparks, UNIX/Linux Systems Administrator
> <asparks@doublesparks.net>
>
>
>
>
> *** Incoming Mail scanned for known Viruses by CLUnet ***
===========
Alan Sparks, UNIX/Linux Systems Administrator
<asparks@doublesparks.net>
*** Incoming Mail scanned for known Viruses by CLUnet ***