Date: Wed, 18 Mar 1998 02:10:25 +0100
From: Palle Girgensohn <girgen@partitur.se>
To: questions@FreeBSD.ORG
Subject: Re: Kerberos basic questions
Message-ID: <350F1F01.11EDF46D@partitur.se>
References: <3.0.1.32.19980318000926.007bb7b0@posta.cisco.it>

Hello Antonio,

Not sure if this helps, but anyway:

Antonio Nati wrote:
>
> I'm trying to figure how to use kerberos in my environment.
>
> I have three WEB servers and a PPP server (all with FreeBSD 2.1.5), and I
> would like to have only one authentication service for all the boxes.
>
> As far as I'm seeing in my first 2.2.5 installation, kerberos doesn't
> manage at all all the supplemental information (uid, gid, home, etc) that
> are essential to define a user.
>
> So I imagine that I should anyway create new users with adduser on any
> system where they should work, adding them later to the kerberos database
> and using kerberos only to assure them fast logins on the various systems.
> Is that right?
>
> Other three questions.
>
> 1) Is there any kerberos mechanism in the last versions of apache?

Check http://andrew2.andrew.cmu.edu/minotaur/ . Carnegie-Mellon has a
Kerberos plugin for Netscape & MSIE. Not sure about Apache, but it can
be done by a handy C programmer. You need to know the inner secrets of
how to get the tickets from the plug-in... I guess it won't be easy. :(

>
> 2) Is the usage of Kerberos completely transparent or the programs must be
> modified in order to use it? The LOGIN options of the pppd server is going
> to check the kerberos database or it simply checks against the passwd file?
>

All programs must be kerberized. Don't know if this has been done to the
pppd. Besides, you probably can't use kerberos to authenticate ppp users
since it requires a UDP connection (you should be able to use the
Kerberos database, however). However, I'm no expert at the subject. Used
Kerberos as a user a couple of years ago.

> 3) Given the fact that I have a small amount of POP users already working,
> how to populate the kerberos database starting from the existing passwd
> file (and passing from MD5 to DES)?
>

If all you have are ppp users using pop, there's no real need for
Kerberos; the passwords don't travel the net? At least not more than
your ethernet segment. I'd save myself the trouble.

Regards,
Palle

/Palle

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message