<div dir="ltr"><div><div><div><div>There is nothing per se wrong with the current LDAP authentication I have just for identity and authentication. Some security folks believe having the hash stored in your LDAP tree is in itself a security problem but I'm not so worried about that. <br>
</div><br>There are two problems though I am trying to solve and am looking for an over all architecture.<br></div><br>Problem 1) NFSv4 is more secure with kerberos, and since I use NFS currently without kerberos I'd like to use NFSv4 with Kerberos. That would mean though I need to integrate LDAP and Kerberos together to keep the same level of authenication as today. <br>
</div><br>Problem 2) Samba4 as I am reading does not support Linux OpenLDAP/Kerberos as it's system for authentication due to incompatibilities in the way AD was implemented. So to get single sign on across multiple OS's I believe I've read that having AD Samba4 is the way to support that which would again require me to move away from just having LDAP storing the hash in the tree.<br>
<br></div>I am also looking at web enabled applications that can use the single sign on recommendation to perform identity and authentication.<br><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">
On Tue, May 27, 2014 at 5:35 PM, Munir Nassar <span dir="ltr"><<a href="mailto:tclug@beitsahour.net" target="_blank">tclug@beitsahour.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
what is wrong with LDAP authentication? in other words: what problem<br>
are you trying to solve?<br>
<div><div class="h5"><br>
On Tue, May 27, 2014 at 5:28 PM, John Frisk <<a href="mailto:john.a.frisk@gmail.com">john.a.frisk@gmail.com</a>> wrote:<br>
> Hello All,<br>
> I currently have an older ldap style installation for single sign on where I<br>
> use nss_ldapd for client authentication and identity. (i.e. password stored<br>
> in hash directly in slapd)<br>
><br>
> I am looking at doing either one of two styles in the future:<br>
> 1) Set up samba4 as an AD DC and keep the users for single sign on in there<br>
><br>
> 2) Set up ldap/kerberos installation on ubuntu to have an updated<br>
> environment from above.<br>
><br>
> My question is what are people using these days? Obviously the Active<br>
> Directory solution is probably what a lot of enterprises are doing, but I<br>
> have mostly Linux VM's and machines with only one Win7 installation. What<br>
> recommendations do you guys have? Also, what is easier for web technologies<br>
> to use for web-enabled apps?<br>
><br>
</div></div>> _______________________________________________<br>
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota<br>
> <a href="mailto:tclug-list@mn-linux.org">tclug-list@mn-linux.org</a><br>
> <a href="http://mailman.mn-linux.org/mailman/listinfo/tclug-list" target="_blank">http://mailman.mn-linux.org/mailman/listinfo/tclug-list</a><br>
><br>
_______________________________________________<br>
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota<br>
<a href="mailto:tclug-list@mn-linux.org">tclug-list@mn-linux.org</a><br>
<a href="http://mailman.mn-linux.org/mailman/listinfo/tclug-list" target="_blank">http://mailman.mn-linux.org/mailman/listinfo/tclug-list</a><br>
</blockquote></div><br></div>