[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Authentication/Authorization Recommendations
Hello All,
First, I want to say that I understand I am probably asking for a lot
in this message, so I apologize if it irritates anyone. However, I'd
really appreciate anyone who is willing to bear with me and offer some
advice on the type of OpenLDAP configuration that would best suit my needs.
I've read through all the list posts for the past several months, have
checked the archives and the documentation. I've been experimenting with
the application with mostly successful results. The part that still evades
me is determining the best authentication and authorization mechanisms to
use for my project. With that in mind, the following are details on my
project.
I have 2 file and DB servers installed with RH9 (1 is to provide
redundancy). I do not want to trust the company NT PDC for authentication
to my servers, and would rather handle all authentication/authorization for
our servers myself (mainly limited to a single division of the company).
The environment for the whole house is Windows based (mostly Win98), so
I'll need to be running Samba for the file sharing aspect. Security from
the outside world will be provided by the company firewall, but I believe
I'd still prefer to secure all communications (no plaintext; passwords or
otherwise). I want OpenLDAP to provide authentication to my servers as
well as manage groups for authorization to shares. I'd like users to be
able to manage their own passwords (securely), and all authorization
handled by LDAP.
In short, my basic need is to determine how to best configure
openldap for best security while maintaining easy account management for my
users. I do not really want to make my own PDC though as most docs dealing
w/ Openldap and Samba together seem to lean towards. The main area that's
been boggling me thus far is the function of SASL, and how to choose a
mechanism to use.
Looking back at this message, it seems to me there is probably a lot
of area for confusion in my request. If anyone out there is willing to
offer me a clue, I'd be more than happy to expand further as much as you
require. Thanks for the patience. LDAP very newbie.
Hoping for a clue,
Jason McGlamary
Application Specialist
Division of Nursing - Nursing Informatics
Co-Chair WHC/NRH/IS Focus Forum
Washington Hospital Center
email: Jason.McGlamary@Medstar.net