
Re: LDAPv3: The OpenLDAP/Kerberos/SASL soup (was Kerberos and DIGEST-MD5)



On Thursday, July 29, 2004, at 08:36 PM, Andreas Schuldei wrote:
...
Debian-edu tries to be a key-turn educational system (for
schools) providing several services (optionally on different
servers). Adding new servers (e.g. terminal servers) to the
network would require adding the server to the domain, which of
course would require human admin interaction on the Main server
side (otherwise anyone could add his machine as a server). But
that should be minimal, manageable even for teachers.

Your tool could solve this once the authenticity of the new machine
is established and Kerberos is up and running. Could LDAP help me
do even the bootstrapping in a secure fashion?

I see Quanah has already addressed the basic outline of Stanford's service for doing this, and it pretty much applies to ours too. I'm sure most of this could be done through LDAP instead, as an alternative network protocol with authentication, authorization and encryption. But the principles are the same, and what can be done is the same.

	Donn Cave, donn@u.washington.edu