Kerberized Apps

[Thomas A. La Porte]

We are successfully using the PADL (Luke Howard) GSS-SASL plug-in 
for the iPlanet/SunOne Directory Server. We've been exceedingly 
pleased with the simplicity of setup and how well it works. And 
Luke has been *very* responsive whenever we have had any 
questions.

We also have Oracle working, though we haven't done any 
production-level work with it, yet. We're looking at the
functionality of globally identified, Kerberos authenticated 
users that now exists in 10g.

 -- Tom

Thomas A. La Porte, DreamWorks SKG
<mailto:tlaporte at anim.dreamworks.com>          

On Tue, 30 Mar 2004, Erik Arneson wrote:

>On 29-Mar-2004, Brian Davidson <bdavids1 at gmu.edu> wrote:
>> I'm curious how others have fared with things like:
>> iPlanet/SUNOne LDAP,SMTP,IMAP and POP
>> Oracle
>> Email clients (which ones work for you)
>> Various OSes such as: Solaris, Linux, Tru64, HP-UX, Microsoft
>> Win-whatever, etc
>> Any killer kerberized apps at your site
>
>We have OpenAFS, SMTP, IMAP, POP, PostgreSQL, CVS, and SSH all
>Kerberized.  As for email clients, Mail.app for OS X, Gnus (using imtest
>From the Cyrus-IMAP distribution), mutt, and PINE all work great.  I
>don't know what the windows folks use.
>
>I also tend to use 'ksu' instead of 'sudo' to control user access to
>other users.  That's been working quite well for me.
>
>Here's one thing I don't have working yet, but haven't really sat down
>to puzzle over: We have two KDCs.  The master is behind our firewall on
>a private network, but we have a slave on a public network.  The only
>way for users outside the private network (which is most of them) to
>change their passwords is to shell into a machine that can reach the
>private network somehow and run kpasswd from there.  I'd like some way
>for them to change their password remotely using kpasswd on public
>workstations.  Not sure how to work that one out yet.  Any ideas?
>
>