[PLUG] Linux centralized authentication

Thomas Groman tgrom.automail at nuegia.net
Thu May 3 02:59:56 UTC 2018


Do you have any book or other resource recommendations for setting these
up? I already do sysadmin work, just never done centralized auth before.


On 05/02/2018 07:53 PM, Tomas Kuchta wrote:
> The easiest is to pick LDAP or NIS, both work very well on Linux. With or
> without Kerberos for local small setup.
>
> NIS with NFS for file sharing would be probably the simplest setup, but you
> will eventually wish you had LDAP for integration with various other
> services.
>
> LDAP + Kerberos + NFS is probably the most common and extensible solution.
> You will absolutely need local DNS and NTP to get it going, but it is a
> well-integrated, extensible solution.
>
> Another option would be to use Samba - it combines LDAP + Kerberos, so it
> has less moving parts and can accept Windows hosts without much headache,
> compared to LDAP and Kerberos.
>
> For both solutions, you might need some enterprise admin to help setting it
> up. If well and simply set up, it is not difficult to maintain and manage.
> IMHO
>
> Tomas
>
> On Wed, May 2, 2018, 5:36 PM Smith, Cathy <Cathy.Smith at pnnl.gov> wrote:
>
>> There used to be dns, ldap, kerberos, nis.  These are open source
>> protocols and not restricted to Microsoft.
>>
>>
>> --
>> Cathy L. Smith
>> IT Engineer
>>
>> Pacific Northwest National Laboratory
>> Operated by Battelle for the
>> U.S. Department of Energy
>>
>> Phone: 509.375.2687
>> Fax:       509.375.4399
>> Email: cathy.smith at pnnl.gov
>>
>>
>>
>> -----Original Message-----
>> From: plug-bounces at pdxlinux.org [mailto:plug-bounces at pdxlinux.org] On
>> Behalf Of Thomas Groman
>> Sent: Wednesday, May 02, 2018 5:16 PM
>> To: plug at pdxlinux.org
>> Subject: [PLUG] Linux centralized authentication
>>
>> Has anyone ever made a 100% UNIX/BSD/Linux network with centralized
>> authentication? Using native protocols not some sort of strange Microsoft
>> AD mesh thing.
>> I wanted to build a hacker-space for a school and since it would be
>> starting from scratch there's no reason to get locked in to a Microsoft
>> product from the start. Also, Microsoft's protocols are not open source
>> and are hard to debug. They never really work well with UNIX-like operating
>> systems, requiring id/group mapping and such.
>> _______________________________________________
>> PLUG mailing list
>> PLUG at pdxlinux.org
>> http://lists.pdxlinux.org/mailman/listinfo/plug



