[Samba] nslcd: kerberos vs. simple bind
Marc Muehlfeld
samba at marc-muehlfeld.de
Wed Aug 28 10:37:51 MDT 2013
Hello,
I took this out of the "OpenSSH auth in SAMBA4 LDAP" thread, because it
was drifting away from it's origin question :-)
I played this afternoon a bit with nslcd and kerberos for extending my
Wiki HowTo. But as more as I read, one question comes bigger and bigger:
What are the advantages of kerberos against simple bind with DN and
password?
Simple bind method: Create a user, add the credentials to the root only
readable file nslcd.conf. Done
Kerberos: Create user, add a SPN, extract keytab, edit nslcd.conf (ok.
This is all done only once.). But then, if I understand it right, I need
something that renews the kerberos ticket from time to time. In your
blog you use k5start for that. Also Fedora 19 and RHEL6 doesn't have it
in their repositories. So something more to compile and to be ensured
that it starts and run. :-)
So currently I don't see what are the advantages of Kerberos and in
which way it should be easier or anything else. :-)
Maybe someone can give me (Kerberos beginner) some answers/hints. :-)
Regards,
Marc
More information about the samba
mailing list