Re: kerberos, openssl, openldap and cyrus-sasl

[Howard Chu <hyc@symas.com>]

Prakash Velayutham wrote:
> Hi All,
>
> I have browsed through the various threads dealing with this topic, 
> but can't seem to figure the right order of things. Could someone here 
> help me get started?
>
> I need kerberos, openssl, cyrus-sasl and openldap all to be installed 
> and configured so that I can have an integrated authentication and 
> authorization setup (I also have to include samba in the mix 
> somewhere, but that I think can be plugged in later). What kind of 
> data should reside in what database and how do I configure the entire 
> network to use this security setup (including Windows and Linux systems)?

You will certainly need Samba in order to integrate the Windows side, 
that or www.padl.com's XAD. XAD would be the easiest route as it already 
has all of the above pieces integrated for you.

Otherwise the best integrated setup uses Heimdal Kerberos with its KDC 
storing its data in slapd. Then all account administration can be done 
with one set of tools entirely in LDAP. (If you're not going to use XAD, 
the next easiest approach is to use Symas CDS, which has everything 
except Samba integrated already.) Doing the builds in the right order 
can be tricky since Cyrus SASL may have circular dependencies on LDAP, 
and OpenSSL may have circular dependencies on Kerberos (if you enable 
certain options). Probably this discussion is best left to the 
ldap-interop mailing list since it involves so many different pieces of 
software.

--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/