Single Sign-On and the Corporate Directory, Part III

Combine Samba with OpenLDAP for a mail and SSH single sign-on system.
Configuring Eudora v6.2

Start the account creation process, and choose Skip directly to advanced account setup. Enter the required information for the SMTP and IMAP settings. Make sure to choose If Available, STARTTLS for the Secure Sockets settings, and under the Incoming Mail tab, make sure to select Kerberos as the authentication style (Figure 4).

Figure 4. Eudora Account Creation

Once you've gotten your account configured, you may get an error the first time you try to connect saying that either the connection has broken or GSSAPI failed. These errors aren't very descriptive of the actual problem, which is that Eudora doesn't trust your self-signed SSL certificates. To fix this, edit the properties for your newly created personality (Figure 5). Click on the Incoming Mail tab, then the Last SSL Info button, and then the Certificate Information Manager button (Figure 6). If you click the Add To Trusted button, your self-signed certificate will be trusted by Eudora as valid. You need to do this for your SMTP server as well the first time you try to send mail.

Figure 5. Eudora Personality Properties

Figure 6. Eudora Certificate Information Manager

Wrapping Up

You now have integrated one more major architecture into your single sign-on and corporate directory infrastructure. There are still some pieces that could be added or enhanced, such as a way to keep passwords in sync between Kerberos and Samba, LDAP searches in Eudora and more-robust Samba user management scripts. However, you can see how Kerberos and LDAP can make administration and use of your system much easier and more unified. In my last article in this series, I'll explore some ways to think about using your new infrastructure for administrative functions. Until then, keep expanding and using your corporate directory!

Acknowledgements

This work was supported by the Mathematical, Information, and Computational Sciences Division subprogram of the Office of Advanced Scientific Computing Research, Office of Science, U.S. Department of Energy, under Contract W-31-109-ENG-38.4:08.

Resources for this article: /article/8701.

Ti Leggett (leggett@mcs.anl.gov) is a systems administrator for the Futures Laboratory of the Mathematics and Computer Science Division at Argonne National Laboratory. He also has a joint appointment with the Computation Institute at the University of Chicago.

______________________

Webinar
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems

As Linux continues to play an ever increasing role in corporate data centers and institutions, ensuring the integrity and protection of these systems must be a priority. With 60% of the world's websites and an increasing share of organization's mission-critical workloads running on Linux, failing to stop malware and other advanced threats on Linux can increasingly impact an organization's reputation and bottom line.

Learn More

Sponsored by Bit9

Webinar
Linux Backup and Recovery Webinar

Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.

In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.

Learn More

Sponsored by Storix