[TUHS] YP / NIS / NIS+ / LDAP
Grant Taylor
gtaylor at tnetconsulting.net
Tue Nov 6 05:36:30 AEST 2018
On 11/05/2018 12:24 AM, Mantas Mikulėnas wrote:
> Let the client handle authentication via Kerberos
I don't know enough about Kerberos (yet) to know if it would be possible
for a login process to communicate with the KDC and get a TGT as part of
logging in, without already being logged in.
My ignorance is leaving me with a priming problem that seems like a
catch 22. You can't login without shadow information or TGT. But
traditional (simpler) kinit is run after being logged in. So ... how do
you detangle that? The only thing that I can come up with is that the
login process does the kinit functionality on the users behalf.
I can see how NIS(+) sans-shadow could still be useful. I can also see
how LDAP could be a close approximation / replacement for NIS(+) in this
case.
--
Grant. . . .
unix || die
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3982 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://minnie.tuhs.org/pipermail/tuhs/attachments/20181105/cefeef3f/attachment.bin>
More information about the TUHS
mailing list