The 'perfect' LDAP+Krb5+glue setup (was: Re: Current ideas on kerberos requirements for Samba4)
Andrew Bartlett
abartlet at samba.org
Tue May 24 21:42:25 EDT 2005
On Tue, 2005-05-24 at 07:32 -0700, Howard Chu wrote:
> Andrew Tridgell wrote:
> > I think that Samba3 is far too hard to install and configure. I want
> > to make Samba4 much easier, and my fear is that it will in fact become
> > much harder as we start to become dependent on more external tools.
>
> You can create a nicely integrated package from multiple components
> without needing to reimplement all of the components. Symas has done it
> with our CDS packages (OpenLDAP+BerkeleyDB+Cyrus SASL+Heimdal+OpenSSL),
> and PADL has done it with XAD. You get far more mileage out of your own
> time and resources by leveraging what already exists. When you run into
> rough edges, you beat them into submission and move on... ;)
(now where did that send button jump out from...)
Just picking up this point for a moment: Aside from your fine
commercial products, is there any public document that describes how to
do this?
As you know, I've been working to make Samba3 play nicer in such a
setup, in the hope that I might one day get the time to deploy it at
Hawker (I deploy parts of this mix, to mixed success). Entirely aside
from my Samba4 work I would love to be able to point admins,
particularly of Unix-oriented sites to a known working description of
how to do this.
As you said before, it should be just 'make install', and we shouldn't
be so easily misled by those 'self-proclaimed LDAP experts'.
I would love to be able to brow-beat the vendors we are still on
speaking terms with into actually shipping this combination *configured
correctly*, and I would love to see vendors taking advantage of the
'just add water' Heimdal KDC (0.7pre) when using the Samba3 LDAP schema
(removing the 're-enter the password' battle that scares off most first-
time Kerberos admins).
Are there vendors other than Symas (I'm thinking Operating System/Linux
Distribution vendors in particular), who get this right, out of the box?
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net