[TUHS] YP / NIS / NIS+ / LDAP
Ben Greenfield
ben at cogs.com
Tue Nov 6 22:59:22 AEST 2018
> On Nov 5, 2018, at 11:58 PM, Grant Taylor via TUHS <tuhs at minnie.tuhs.org> wrote:
>
> On 11/05/2018 02:43 PM, Ben Greenfield via TUHS wrote:
>> I found that I had to do all of this using SASL.
>
> At first read I was thinking "SASL? Really?". Then I remembered that Simple Authentication and Security Layer is really just an abstraction layer. An abstraction layer that very easily could have (but I don't know one way or the other) a back end to Kerberos.
>
>> I remember it as SASL would handle the kerberization during boot up getting tickets for each LDAP entry that you wanted mapped to a service on that client.
>
> Hum.
>
>> I could be wrong but I think SASL seems to be way connect services on Linux with LDAP that are served kerberized.
>
> I've always viewed SASL as a way for applications to outsource the authentication / security so that the program code didn't need to worry about it. It also allowed SASL to manage supporting all the different back end security methods.
>
> I also think much the same about PAM. - In fact, I don't think I could properly differentiate between PAM and SASL.
Yes, pam when I was trying to figure out how to put it altogether PAM was always working in the background but I believe it was the SASL configs that pointed to my Open Directory server that centralized our Linux accounts. So as strange as it may seem to some there have be instances were OS X served Linux clients:)
>
>
>
> --
> Grant. . . .
> unix || die
>
More information about the TUHS
mailing list