Kerberized Apps
Thomas A. La Porte
tlaporte at anim.dreamworks.com
Tue Mar 30 16:41:31 EST 2004
We are successfully using the PADL (Luke Howard) GSS-SASL plug-in
for the iPlanet/SunOne Directory Server. We've been exceedingly
pleased with the simplicity of setup and how well it works. And
Luke has been *very* responsive whenever we have had any
questions.
We also have Oracle working, though we haven't done any
production-level work with it, yet. We're looking at the
functionality of globally identified, Kerberos authenticated
users that now exists in 10g.
-- Tom
Thomas A. La Porte, DreamWorks SKG
<mailto:tlaporte at anim.dreamworks.com>
On Tue, 30 Mar 2004, Erik Arneson wrote:
>On 29-Mar-2004, Brian Davidson <bdavids1 at gmu.edu> wrote:
>> I'm curious how others have fared with things like:
>> iPlanet/SUNOne LDAP,SMTP,IMAP and POP
>> Oracle
>> Email clients (which ones work for you)
>> Various OSes such as: Solaris, Linux, Tru64, HP-UX, Microsoft
>> Win-whatever, etc
>> Any killer kerberized apps at your site
>
>We have OpenAFS, SMTP, IMAP, POP, PostgreSQL, CVS, and SSH all
>Kerberized. As for email clients, Mail.app for OS X, Gnus (using imtest
>From the Cyrus-IMAP distribution), mutt, and PINE all work great. I
>don't know what the windows folks use.
>
>I also tend to use 'ksu' instead of 'sudo' to control user access to
>other users. That's been working quite well for me.
>
>Here's one thing I don't have working yet, but haven't really sat down
>to puzzle over: We have two KDCs. The master is behind our firewall on
>a private network, but we have a slave on a public network. The only
>way for users outside the private network (which is most of them) to
>change their passwords is to shell into a machine that can reach the
>private network somehow and run kpasswd from there. I'd like some way
>for them to change their password remotely using kpasswd on public
>workstations. Not sure how to work that one out yet. Any ideas?
>
>
More information about the Kerberos
mailing list