[ale] Single Sign-on and Linux

Casey Allen Shobe cshobe at softhome.net
Tue Jun 19 23:35:07 EDT 2001


> What do you feel is weak/immature about the Linux LDAP solutions?

All I played with was OpenLDAP and it was a horror to set up, and I didn't take
the time I should have to understand it.  From what you're saying, it sounds
like it worked great.

> If you are really, really paranoid then you could just write the LDAP info
> back to /etc/shadow;/etc/passwd on each machine and still be able to login
> in case of a network outage.

This isn't paranoid, this is a standard requirement.  I'll use my last
company as an example.  There was the server room (all NT, bleh), and then
all the hundreds of client workstations...a pretty standard setup.  The
difference was that all of the client workstations were laptops.  A large
percentage of the employees would go home and use their laptop remotely.  A
way to log in is handy.  I'm not sure how Windows 2k (others?) do it, but it
didn't seem to matter whether you were on the network or not (unless logging
in for the first time, IIRC).

> The OpenLDAP distribution also can be linked against libssl to encrypt all
> the transmissions.

Now this is paranoia, but paranoia is good :).

> I would recommend OpenLDAP as the solution...

It sounds as if I need to do some more reading.  Do you by chance know of a
good website that covers the details of implementing OpenLDAP (or LDAP in
general) pretty extensively?  Examples would be good.

- Casey Allen Shobe
