Jason Stelzer on 30 Dec 2009 11:57:41 -0800


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] openldap certificates deployment considerations?


For what it's worth, I think you may be interested in kerberos + ldap.
Yeah, I realize I'm probably adding something you're not familiar with
into the mix, but IMO kerberos is easier to manage from the
perspective of 'this host is trusted on the network, I will honor its
ticket'.

I know this isn't the most articulate email in the world; I'm a little
rushed. Just have a look at the intro and overview at this link and
decide if it fits the bill for you.

http://wiki.debian.org/LDAP/Kerberos



On Wed, Dec 30, 2009 at 1:56 PM, Mike Sheinberg <m.sheiny@gmail.com> wrote:
> Hey all,
>
> I wanted some group feedback regarding painless (relatively) deployment of
> an open-ldap server for use of authenticating some linux desktops and a mail
> server. It seems the easiest method for me thus far is to utilize the Red
> Hat Directory Server (aka 389 DS for CentOS) because it has a rather nice
> GUI and takes a lot of the configuration details out of the deployment.
> Luckily this project has very good documentation on the whole process but
> I'm getting a bit stuck on the whole certificate process. Anyone know of any
> good guides that will assist me in configuring my server to only allow
> certified clients to connect (via SSL). I know this is a rather broad
> question so I just need a good launching point, obviously theres still a lot
> of reading I have to do. Consequently if there is an easier way for me to
> accomplish this (I'm not against using an Active Directory server to
> authenticate to) feel free to shoot that suggestion out there.
>
> Thanks!
> Mike
>
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --        http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
>
>



-- 
J.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug