Hi there,

I'm about to create a central directory service for users in my
company, I've been reading a lot and right now I think I have a real
acronym soup headache. My main requirement is to be able to have a
central repository of users, so if I want to create a new user, I only
do it in just one place. Creating a new user means giving that user rights
to use several services (login, mail, proxy, ...), so I don't have to
create a user in /etc/passwd, then create a user in the mail server, ...
Other requirements include the possibility of using the user information
as an address book (this is easy as long as the information is stored in
LDAP).

Right now I'm using the following (only login and mail tested):

* PAM + LDAP. Users may log in once I have created an entry for that
  user in the LDAP directory.
* Postfix + SSL + SASL + saslauthd/ldap. Users outside my local
  network are able to send mails to the world once they have
  authenticated. Postfix also uses the information stored in LDAP to
  accept incoming mail.
* Courier-IMAP + SSL + LDAP authentication. Users are able to access
  their IMAP mailboxes after they have authenticated using the
  information stored in the LDAP server. I'm thinking about
  migrating this to Cyrus IMAP + SSL + SASL + saslauthd/ldap to
  mimic the Postfix setup.

I then found information about Kerberos, so I don't know if I should
go that way, or stay with this setup (this is the time to experiment,
once this is put into production I won't have the possibility to change
it easily). Are there any advantages of using Kerberos over using just
SSL + LDAP? In case I use Kerberos, would I have duplicate information
in the Kerberos database and in LDAP? May I use LDAP as a backend for
the Kerberos password database? I don't know that much about Kerberos,
so forgive me if I'm asking any stupid question.

Thanks in advance, regards
Jose