[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: kerberos, openssl, openldap and cyrus-sasl
Prakash Velayutham wrote:
Hi All,
I have browsed through the various threads dealing with this topic,
but can't seem to figure the right order of things. Could someone here
help me get started?
I need kerberos, openssl, cyrus-sasl and openldap all to be installed
and configured so that I can have an integrated authentication and
authorization setup (I also have to include samba in the mix
somewhere, but that I think can be plugged in later). What kind of
data should reside in what database and how do I configure the entire
network to use this security setup (including Windows and Linux systems)?
You will certainly need Samba in order to integrate the Windows side,
that or www.padl.com's XAD. XAD would be the easiest route as it already
has all of the above pieces integrated for you.
Otherwise the best integrated setup uses Heimdal Kerberos with its KDC
storing its data in slapd. Then all account administration can be done
with one set of tools entirely in LDAP. (If you're not going to use XAD,
the next easiest approach is to use Symas CDS, which has everything
except Samba integrated already.) Doing the builds in the right order
can be tricky since Cyrus SASL may have circular dependencies on LDAP,
and OpenSSL may have circular dependencies on Kerberos (if you enable
certain options). Probably this discussion is best left to the
ldap-interop mailing list since it involves so many different pieces of
software.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/