[PLUG] Linux centralized authentication

Ken Stephens kennethgstephens at gmail.com
Thu May 3 13:47:54 UTC 2018


Whatever happened to the Lake Oswego Linux School System?  Wasn't that a
Server/Workstation distribution?

https://www.linuxschools.com/forum/index-main.php


Ken

On Wed, May 2, 2018 at 8:25 PM, Tyrell Jentink <tyrell at jentink.net> wrote:

> I'm using FreeIPA here at home; As a product, it's really just a bunch of
> scripts and a web interface for LDAP+Kerberos+Certificate management+Samba;
> It aims to be a complete identity management system, a product designed to
> compete with (Or at the very least, perform an analogous set of tasks to)
> ActiveDirectory. It is completely open source, developed by Red Hat, for
> Fedora, and I use it on CentOS, but it is available for a number of other
> distros.
>
> (Full disclosure: I do happen to use ActiveDirectory to store my user
> accounts, and FreeIPA authenticates through an AD Interforest Trust, but
> that's far from a requirement, and it probably causes me more grief than
> many admins would tolerate)
>
> As for reading, I learned everything I know from their documentation:
> https://www.freeipa.org/page/Documentation
>
>
> On Wed, May 2, 2018, 20:01 Thomas Groman <tgrom.automail at nuegia.net>
> wrote:
>
> > Do you have any book or other resource recommendations for setting these
> > up? I already do sysadmin work, just never done centralized auth before.
> >
> >
> > On 05/02/2018 07:53 PM, Tomas Kuchta wrote:
> > > > The easiest is to pick LDAP or NIS, both work very well on Linux. With or
> > > > without Kerberos for a local small setup.
> > > >
> > > > NIS with NFS for file sharing would be probably the simplest setup, but you
> > > > will eventually wish you had LDAP for integration with various other
> > > > services.
> > > >
> > > > LDAP + Kerberos + NFS is probably the most common and extensible solution.
> > > > You will absolutely need local DNS and NTP to get it going, but it is a
> > > > well-integrated, extensible solution.
> > > >
> > > > Another option would be to use Samba - it combines LDAP + Kerberos, so it
> > > > has fewer moving parts and can accept Windows hosts without much headache,
> > > > compared to LDAP and Kerberos.
> > > >
> > > > For both solutions, you might need some enterprise admin to help setting it
> > > > up. If well and simply set up, it is not difficult to maintain and manage.
> > > > IMHO
> > >
> > > Tomas
> > >
> > > > On Wed, May 2, 2018, 5:36 PM Smith, Cathy <Cathy.Smith at pnnl.gov> wrote:
> > >
> > > >> There used to be DNS, LDAP, Kerberos, NIS.  These are open source
> > > >> protocols and not restricted to Microsoft.
> > >>
> > >>
> > >> --
> > >> Cathy L. Smith
> > >> IT Engineer
> > >>
> > >> Pacific Northwest National Laboratory
> > >> Operated by Battelle for the
> > >> U.S. Department of Energy
> > >>
> > >> Phone: 509.375.2687
> > >> Fax:       509.375.4399
> > >> Email: cathy.smith at pnnl.gov
> > >>
> > >>
> > >>
> > >> -----Original Message-----
> > >> From: plug-bounces at pdxlinux.org [mailto:plug-bounces at pdxlinux.org] On
> > >> Behalf Of Thomas Groman
> > >> Sent: Wednesday, May 02, 2018 5:16 PM
> > >> To: plug at pdxlinux.org
> > >> Subject: [PLUG] Linux centralized authentication
> > >>
> > > >> Has anyone ever made a 100% UNIX/BSD/Linux network with centralized
> > > >> authentication? Using native protocols, not some sort of strange
> > > >> Microsoft AD mesh thing.
> > > >> I wanted to build a hacker-space for a school and since it would be
> > > >> starting from scratch there's no reason to get locked in to a Microsoft
> > > >> product from the start. Also, Microsoft's protocols are not open source
> > > >> and hard to debug. They never really work well with UNIX-like operating
> > > >> systems, requiring id/group mapping and such.
> > >> _______________________________________________
> > >> PLUG mailing list
> > >> PLUG at pdxlinux.org
> > >> http://lists.pdxlinux.org/mailman/listinfo/plug


