Kerberos Authentication for LTSP
This page describes authenticating LTSP users against Kerberos V, whether in a Microsoft Active Directory, Samba 4, or an MIT or Heimdal Kerberos IV KDC. Account information is retrieved via LDAP, with SSL/TLS connections recommended.
-- StevenMcCoy - 01 Jul 2006
Samba 4 as an Active Directory
Samba 4 is a technology preview of a major overhaul of Samba 3 to support the Windows Active Directory logon protocol. It supports NT domain logins and acts as an LDAP server and a Kerberos V KDC. A Samba 4 appliance called miru directory server is available, together with a VMware LTSP demo system that shows how easy it is to integrate and set up such an LTSP environment.
Account information
Home directory and login shell information is usually stored in /etc/passwd. With a network-based user directory, we need to use NSS and the NSS-LDAP module, reconfiguring /etc/nsswitch.conf to point to LDAP as configured in /etc/libnss_ldap.conf.
Kerberos V authentication
The actual password verification is performed by the Kerberos KDC. This requires reconfiguring the PAM system to use PAM-KRB5 (MIT) or PAM-HEIMDAL, with the Kerberos realm either configured in /etc/krb5.conf or published through special entries in the DNS system.
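An added example, not part of the original page: a Python check that the files named in the two sections above agree with the described setup (LDAP as an NSS source, LDAP lookups over SSL/TLS, and a Kerberos realm set in krb5.conf with KDCs listed or found through DNS). The sample file contents and the example.test names are constructed, and the directive names assume PADL nss_ldap and MIT krb5.conf are in use.

```python
import re

# Constructed sample file contents (not taken from the original page).
NSSWITCH = "passwd: files ldap\ngroup: files ldap\nshadow: files\n"
NSS_LDAP = "uri ldap://dc1.example.test/\nbase dc=example,dc=test\nssl start_tls\ntls_checkpeer yes\n"
KRB5 = "[libdefaults]\n  default_realm = EXAMPLE.TEST\n  dns_lookup_kdc = true\n"

def directives(text):
    """Flatten 'key value', 'key: value' and 'key = value' lines into a dict."""
    found = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        # [section] headers and closing '}' lines do not match and are skipped.
        m = re.match(r"([\w.-]+)\s*[:=\s]\s*(.*)", line)
        if m:
            found[m.group(1).lower()] = m.group(2).strip()
    return found

def audit(nsswitch, nss_ldap, krb5):
    """Return findings; an empty list means the files match the setup described."""
    nss, ldap, krb = directives(nsswitch), directives(nss_ldap), directives(krb5)
    findings = []
    for db in ("passwd", "group"):
        if "ldap" not in nss.get(db, "").split():
            findings.append(f"nsswitch: {db} does not consult ldap")
    uris = ldap.get("uri", "").split()
    ldaps = bool(uris) and all(u.startswith("ldaps://") for u in uris)
    if not (ldaps or ldap.get("ssl", "").lower() in ("on", "start_tls")):
        findings.append("nss_ldap: directory lookups are not protected by SSL/TLS")
    elif ldap.get("tls_checkpeer", "").lower() != "yes":
        findings.append("nss_ldap: tls_checkpeer is not set to yes")
    if "default_realm" not in krb:
        findings.append("krb5: default_realm is not set")
    dns_off = krb.get("dns_lookup_kdc", "").lower() in ("false", "no", "off", "0")
    if "kdc" not in krb and dns_off:
        findings.append("krb5: no kdc listed and DNS lookup of KDCs is disabled")
    return findings

if __name__ == "__main__":
    for finding in audit(NSSWITCH, NSS_LDAP, KRB5) or ["no findings"]:
        print(finding)
```

To check a real client, pass the contents of the three files read from disk instead of the constructed strings.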