[clug-talk] Browsing a Linux network
sgrover at open2space.com
Tue Jun 26 21:56:23 PDT 2007
When you start talking about "single sign on", well, you're opening a
can of worms - just cuz there's a lot of opinions and methods to do so.
But from what I've seen none of them are really simple.
Sure the MS domain model can be done (via Samba even), but I think any
sys admin that has been dealing with MS domains for more than a couple
workstations can attest to the fact that it's sometimes not so simple
and can get downright ugly.
But, LDAP seems to be central to most of the single sign on methods I've
heard about. So, if you did that, you also get the other things LDAP
brings to the table for you (contact management, resource management,
etc., if you wanted them). But LDAP is NOT simple. At least not "point
'n click" simple.
You're really talking about two different topics here. First is file
sharing, and the various methods this may be done. Second is
authentication (via the single sign on). They are related in that you
only want authenticated/authorized people accessing your files. But the
file sharing method you choose does not necessarily dictate the
authentication method you use.
If you find a nice easy way of doing both, let us know. Better yet, a
presentation would be in order... :)
Ian Bruseker wrote:
> On 6/26/07, Gustin Johnson <gustin at echostar.ca> wrote:
>> I use samba/cifs for pretty much all file sharing these days. smb4k is
>> handy for browsing for shares on any given network. On my own lan I
>> simply have entries in my /etc/fstab for mounting the usual shares, with
>> user names and passwords in a credentials file.
> Ya, and for a small network (I'm talking 4 computers at home,
> including the IPCop box) that's cool. I was just pondering how one
> would do it in a bigger network, where you don't know every computer's
> name and IP by heart. ;-)
>> Single sign on would likely come from kerberos, just as it does in the
>> Windows world (Active Directory). Of course your server services would
>> need to support kerberos (samba and ssh do). I used to have kerberos
>> authenticating samba and ssh, before I reduced the number of machines in
>> my lan to 3, which makes that a ridiculously overpowered solution.
> This gets me to thinking, does LDAP fit into this somehow? I know
> it's something AD does. I'm wondering, how does one centrally manage
> the user accounts?
> clug-talk mailing list
> clug-talk at clug.ca
> Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
> **Please remove these lines when replying
More information about the clug-talk