Kerberized Apps

Erik Arneson erik at aarg.net
Tue Mar 30 16:22:36 EST 2004


On 29-Mar-2004, Brian Davidson <bdavids1 at gmu.edu> wrote:
> I'm curious how others have fared with things like:
> iPlanet/SUNOne LDAP,SMTP,IMAP and POP
> Oracle
> Email clients (which ones work for you)
> Various OSes such as: Solaris, Linux, Tru64, HP-UX, Microsoft
> Win-whatever, etc
> Any killer kerberized apps at your site

We have OpenAFS, SMTP, IMAP, POP, PostgreSQL, CVS, and SSH all
Kerberized.  As for email clients, Mail.app for OS X, Gnus (using imtest
From the Cyrus-IMAP distribution), mutt, and PINE all work great.  I
don't know what the windows folks use.

I also tend to use 'ksu' instead of 'sudo' to control user access to
other users.  That's been working quite well for me.

Here's one thing I don't have working yet, but haven't really sat down
to puzzle over: We have two KDCs.  The master is behind our firewall on
a private network, but we have a slave on a public network.  The only
way for users outside the private network (which is most of them) to
change their passwords is to shell into a machine that can reach the
private network somehow and run kpasswd from there.  I'd like some way
for them to change their password remotely using kpasswd on public
workstations.  Not sure how to work that one out yet.  Any ideas?

-- 
;; Erik Arneson <erik at aarg.net>    AARG Net <http://www.aarg.net/> ;;
;; GPG Key ID: 2048R/8B4CBC9C           <http://erik.arneson.org/> ;;
;; "Civilization is only savagery silver-gilt." - H. Rider Haggard ;;
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 480 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20040330/72da6c14/attachment.bin


More information about the Kerberos mailing list