[Date Prev][Date Next] [Chronological] [Thread] [Top]

Segmentation fault



I think I have crashed my LDAP, it was running without authentication
configuration, but it gives me 'Segmentation fault' now. Any idea? O, I
was doing Pam and NSS ldap configuration before it happened, now I
cannot start LDAP.

Thanks
Cody



-----Original Message-----
From: Alan Sparks [mailto:asparks@doublesparks.net] 
Sent: Wednesday, June 25, 2003 11:31 AM
To: codywang@clunet.edu
Subject: RE: How to Confuse SSO


I don't have a lot of info wrt Kerberos as I do not use them.  If you
have Kerberized client software, the LDAP server can be used as a
Kerberos client and as a user data repository.  Kerberos will help
implement an SSO model where you issue a password once on the network,
again presuming every tool you use is Kerberos-aware.  We use the
unified account model here, you have to issue the password on each
machine login, but it's the same on all machines.  I think Kerberos is a
hard thing to get into, IMHO.

The RPMs are the easiest way.  Installing the RPMs you also get the
needed ldap.conf file, and the modified /etc/pam.d/ files for tying
logins to the LDAP service.  The downloads from padl are fine, you'll
just have to figure them out.

There's a tool shipped with RedHat (authconfig) that can be used to set
up the system for LDAP authentication. -Alan


cody wang said:
> Thanks for you information.
>
> Does RPMs mean only can be install from CD or I can use download gz or

> tar files from padl.com for pam_ldap?
>
> So, I can just use Open LDAP/pam_ldap/nss_ldap to do a single 
> username/password across a group of machines? Do they need to retype a

> same password for different machines?
>
> What can Kerberos 5/Cyrus-sasl/Berkeley DB do for SSO if I add them 
> later?
>
> Thanks
> Cody
>
>
>
> -----Original Message-----
> From: Alan Sparks [mailto:asparks@doublesparks.net]
> Sent: Wednesday, June 25, 2003 11:01 AM
> To: codywang@clunet.edu
> Cc: openldap-software@OpenLDAP.org
> Subject: Re: How to Confuse SSO
>
>
> You can install the pam_ldap and nss_ldap RPMs to implement a unified 
> single password scheme.  If you want to log into one machine and 
> expect to reconnect without retyping passwords, you'll probably need 
> Kerberos. If you simply want a single username/password across a group

> of machines, pam_ldap/nss_ldap and OpenLDAP is good enough.
>
> SSL/TLS is not strictly necessary, but you quite well may want it to 
> protect client to directory communication during password checks.
>
> -Alan
>
> cody wang said:
>> Hi
>>
>> I want to set-up Single Sign On (SSO) solution on Redaht Linux. 
>> However, I have read many web site reference that use different 
>> application so I am confused which on can be used for SSO?
>>
>> Do I need configure all of them? Do I really need Kerberos 5? Do I 
>> still miss something? Is TLS/SSL nessary for SSO?
>>
>> Kerberos 5/Cyrus-sasl/Open LDAP/Berkeley DB/pam_ldap/nss_ldap
>>
>>
>> Thanks
>> Cody
>
>
> ===========
> Alan Sparks, UNIX/Linux Systems Administrator 
> <asparks@doublesparks.net>
>
>
>
>
> *** Incoming Mail scanned for known Viruses by CLUnet ***


===========
Alan Sparks, UNIX/Linux Systems Administrator
<asparks@doublesparks.net>




*** Incoming Mail scanned for known Viruses by CLUnet ***