Fedora Directory Server: the Evolution of Linux Authentication

 in
Check out Fedora Directory Server to authenticate your clients without licensing fees.

Jeramiah Bowling has been a systems administrator and network engineer for more than ten years. He works for a regional accounting and auditing firm in Hunt Valley, Maryland, and holds numerous industry certifications including the CISSP. Your comments are welcome at jb50c@yahoo.com.

______________________

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

fds with ldap

manohar's picture

hi..
i m done with installing FDS successfully.
can please help how can i authenticate the windows users using FDS.

Password policy problem between FDS and ADS

selvakumar.a's picture

Hi,
I have configured FDS and Syncronized with ADS.Every thing working fine.The password also syncronized between FDS server and ADS.When I change the password in windows client it is replicated to the FDS through ADS.But when I change the password in Linux client machine it does not replicated to the ADS. I need some clarification between FDS and ADS password policy.I hope some one will guide me.Thanks in advance.

el fedora es de maricones

Brunito's picture

es re penca la wea de fedora ds
es como una agenda ql
mas dificil de usar la mierda
ademas que el guru guru ql

LDAP isn't best suited for authentication

Anonymous's picture

Just to note, the directory usage that you describe (using LDAP for authentication) is a painfully wide-spread misconception.

Properly, you should use LDAP for publishing authorization data (e.g. group memberships), while authentication should be best implemented with use of Kerberos protocol.

By using LDAP for authentication, you throw away the possibility to provide single sign-on for your users.

You can use the Heimdal Kerberos server to store the data used by it in an LDAP directory - provided that it supports LDAPI connections and, as a result, it resides on the same machine that the LDAP server.

The version of Fedora Directory Server from CVS supports LDAPI.

BTW, IMHO the Kerberos and LDAP protocols should be merged in the future since they are so easily misused because of the distinction between them.

merge LDAP and Kerberos. LDAP

Anonymous's picture

merge LDAP and Kerberos. LDAP is a fully fledged directory access protocol not just an authentication widget. This is like saying SQL should be merged with Kerberos.

BTW, LDAPI support is now

Anonymous's picture

BTW, LDAPI support is now available with the latest stable version 1.1 of Fedora Directory Server.

Updating Alternatives (for Java and such)

Christopher Cashell's picture

Just a note, Red Hat provides a command, update-alternatives, for updating and maintaining links in /etc/alternatives.

Geek Guide
The DevOps Toolbox

Tools and Technologies for Scale and Reliability
by Linux Journal Editor Bill Childers

Get your free copy today

Sponsored by IBM

Upcoming Webinar
8 Signs You're Beyond Cron

Scheduling Crontabs With an Enterprise Scheduler
11am CDT, April 29th
Moderated by Linux Journal Contributor Mike Diehl

Sign up now

Sponsored by Skybot