[OpenAFS] Future of AFS? Interesting Ideas!?
Mon, 6 Jan 2003 00:01:44 +0100
-----BEGIN PGP SIGNED MESSAGE-----
On Sunday 05 January 2003 21:46, Ken Hornstein wrote:
> I wish Outlook _did_ do Kerberos; that's rather unfortunate, since
> MS even ships with Kerberos in the OS and they have no excuse.
> However, other than Outlook, things aren't bad. Eudora and Mulberry
> both support Kerberos for POP/IMAP/SMTP, and so does the "Mail"
> app that ships with OS X. These are real applications that are
> production quality, and our users seem to be happy with them.
The following Article (MS Technet) may be of interest to you:
You will still have to provide an AD-Domain for Exchange 2000 Servers but=
sure it should be possible to use a existing Kerberos installtion with th=
Domain (and maybe the information of article mentioned above).
It should also be easy to etablish a trust relationship between a Kerber=
and AD domain (but this trust won`t be transitive).
> Now _this_, I don't understand at all. LDAP isn't an authentication
> system. When people say stuff like, "LDAP authentication", most
> of the time they really mean storing plaintext passwords in their
> LDAP database. If you're just doing _that_, then Kerberos can do
> the same thing, and that actually has pretty good coverage. That's
> not SSO in my book, but I don't see how that's any worse than LDAP.
You`re right. People often mean plaintext passwords stored in LDAP.
But imho the best solution is a kerberos installation with user informati=
stored in ldap.=20
I am not sure whether it is possible to logon to a unix box with only a=20
kerbereos ticket. Where would the uid/guid information come from??
Of course you could use NIS for uid/guid things to work, but I really hat=
concepts of NIS - It`s flat!
linuxfriendly.de - penguin empowered
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----