| 1 |
Hi there, |
| 2 |
|
| 3 |
I'm about to create a central directory service for users in my |
| 4 |
company, I've been reading a lot and right now I think I have a real |
| 5 |
acronym soup headache. My main requirement is to be able to have a |
| 6 |
central repository of users, so if I want to create a new user, I only |
| 7 |
do it in just a place. Creating a new user means giving that user rights |
| 8 |
to use several services (login, mail, proxy,...), so I don't have to |
| 9 |
create a user in /etc/passwd, then create a user in the mail server, ... |
| 10 |
Other requirements include the possibility of using the user information |
| 11 |
as an address book (this is easy as long as the information is stored in |
| 12 |
LDAP). |
| 13 |
|
| 14 |
Right now I'm using the following (only login and mail tested): |
| 15 |
|
| 16 |
* PAM + LDAP. Users may login once I have created an entry for that |
| 17 |
user in the LDAP directory. |
| 18 |
* Postfix + SSL + SASL + saslauthd/ldap. Users outside my local |
| 19 |
network are able to send mails to the world once they have |
| 20 |
authenticated. Postfix also uses the information stored in LDAP to |
| 21 |
accept incoming mail. |
| 22 |
* Courier-IMAP + SSL + LDAP authentication. Users are able to access |
| 23 |
their IMAP mailboxes after they have authenticated using the |
| 24 |
information stored in the LDAP server. I'm thinking about |
| 25 |
migrating this to Cyrus IMAP + SSL + SASL + saslauthd/ldap to |
| 26 |
mimic the postfix setup. |
| 27 |
|
| 28 |
I then found information about kerberos, so I don't know if I should |
| 29 |
go that way, or stay with this setup (this is the time to experiment, |
| 30 |
once this is put into production I won't have the possibility to change |
| 31 |
it easily). Are there any advantages of using kerberos over using just |
| 32 |
SSL + LDAP? In case I use kerberos, would I have duplicate information |
| 33 |
in the kerberos database and in LDAP? May I use LDAP as a backend for |
| 34 |
the kerberos password database? I don't know that much about kerberos, |
| 35 |
so forgive me if I'm making any stupid question. |
| 36 |
|
| 37 |
Thanks in advance, regards |
| 38 |
Jose |
Archives