blog/Kerberos_for_Debian_Edu_Squeeze_.html

   1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   2         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
   3 <html>
   4  <head>
   5   <title>Petter Reinholdtsen: Kerberos for Debian Edu/Squeeze?</title>
   6   <link rel="stylesheet" type="text/css" media="screen" href="http://people.skolelinux.org/pere/blog/style.css">
   7  </head>
   8  <body>
   9
  10  <div class="title">
  11   <h1>
  12        <a href="http://people.skolelinux.org/pere/blog/">Petter Reinholdtsen</a>
  13
  14   </h1>
  15
  16  </div>
  17
  18
  19  <div class="entry">
  20   <div class="title">Kerberos for Debian Edu/Squeeze?</div>
  21   <div class="date">2010-04-14 17:20</div>
  22   <div class="body">
  23 <p><a href="http://www.nuug.no/aktiviteter/20100413-kerberos/">Yesterdays
  24 NUUG presentation</a> about Kerberos was inspiring, and reminded me
  25 about the need to start using Kerberos in Skolelinux.  Setting up a
  26 Kerberos server seem to be straight forward, and if we get this in
  27 place a long time before the Squeeze version of Debian freezes, we
  28 have a chance to migrate Skolelinux away from NFSv3 for the home
  29 directories, and over to an architecture where the infrastructure do
  30 not have to trust IP addresses and machines, and instead can trust
  31 users and cryptographic keys instead.</p>
  32
  33 <p>A challenge will be integration and administration.  Is there a
  34 Kerberos implementation for Debian where one can control the
  35 administration access in Kerberos using LDAP groups?  With it, the
  36 school administration will have to maintain access control using flat
  37 files on the main server, which give a huge potential for errors.</p>
  38
  39 <p>A related question I would like to know is how well Kerberos and
  40 pam-ccreds (offline password check) work together.  Anyone know?</p>
  41
  42 <p>Next step will be to use Kerberos for access control in Lwat and
  43 Nagios.  I have no idea how much work that will be to implement.  We
  44 would also need to document how to integrate with Windows AD, as such
  45 shared network will require two Kerberos realms that need to cooperate
  46 to work properly.</p>
  47
  48 <p>I believe a good start would be to start using Kerberos on the
  49 skolelinux.no machines, and this way get ourselves experience with
  50 configuration and integration.  A natural starting point would be
  51 setting up ldap.skolelinux.no as the Kerberos server, and migrate the
  52 rest of the machines from PAM via LDAP to PAM via Kerberos one at the
  53 time.</p>
  54
  55 <p>If you would like to contribute to get this working in Skolelinux,
  56 I recommend you to see the video recording from yesterdays NUUG
  57 presentation, and start using Kerberos at home.  The video show show
  58 up in a few days.</p>
  59 </div>
  60
  61   <div class="tags">Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.</div>
  62
  63   </div>
  64
  65
  66
  67
  68
  69
  70 <div id="sidebar">
  71
  72 <h2>Archive</h2>
  73 <ul>
  74
  75 <li>2011
  76 <ul>
  77
  78 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/01/">January (16)</a></li>
  79
  80 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/02/">February (2)</a></li>
  81
  82 </ul></li>
  83
  84 <li>2010
  85 <ul>
  86
  87 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/01/">January (2)</a></li>
  88
  89 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/02/">February (1)</a></li>
  90
  91 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/03/">March (3)</a></li>
  92
  93 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/04/">April (3)</a></li>
  94
  95 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/05/">May (9)</a></li>
  96
  97 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/06/">June (14)</a></li>
  98
  99 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/07/">July (12)</a></li>
 100
 101 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/08/">August (13)</a></li>
 102
 103 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/09/">September (7)</a></li>
 104
 105 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/10/">October (9)</a></li>
 106
 107 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/11/">November (13)</a></li>
 108
 109 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/12/">December (12)</a></li>
 110
 111 </ul></li>
 112
 113 <li>2009
 114 <ul>
 115
 116 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/01/">January (8)</a></li>
 117
 118 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/02/">February (8)</a></li>
 119
 120 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/03/">March (12)</a></li>
 121
 122 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/04/">April (10)</a></li>
 123
 124 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/05/">May (9)</a></li>
 125
 126 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/06/">June (3)</a></li>
 127
 128 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/07/">July (4)</a></li>
 129
 130 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/08/">August (3)</a></li>
 131
 132 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/09/">September (1)</a></li>
 133
 134 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/10/">October (2)</a></li>
 135
 136 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/11/">November (3)</a></li>
 137
 138 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/12/">December (3)</a></li>
 139
 140 </ul></li>
 141
 142 <li>2008
 143 <ul>
 144
 145 <li><a href="http://people.skolelinux.org/pere/blog/archive/2008/11/">November (5)</a></li>
 146
 147 <li><a href="http://people.skolelinux.org/pere/blog/archive/2008/12/">December (7)</a></li>
 148
 149 </ul></li>
 150
 151 </ul>
 152
 153
 154
 155 <h2>Tags</h2>
 156 <ul>
 157
 158  <li><a href="http://people.skolelinux.org/pere/blog/tags/3d-printer">3d-printer (13)</a></li>
 159
 160  <li><a href="http://people.skolelinux.org/pere/blog/tags/amiga">amiga (1)</a></li>
 161
 162  <li><a href="http://people.skolelinux.org/pere/blog/tags/aros">aros (1)</a></li>
 163
 164  <li><a href="http://people.skolelinux.org/pere/blog/tags/bitcoin">bitcoin (2)</a></li>
 165
 166  <li><a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem (10)</a></li>
 167
 168  <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (48)</a></li>
 169
 170  <li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (59)</a></li>
 171
 172  <li><a href="http://people.skolelinux.org/pere/blog/tags/digistan">digistan (7)</a></li>
 173
 174  <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (86)</a></li>
 175
 176  <li><a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami (2)</a></li>
 177
 178  <li><a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling (11)</a></li>
 179
 180  <li><a href="http://people.skolelinux.org/pere/blog/tags/intervju">intervju (5)</a></li>
 181
 182  <li><a href="http://people.skolelinux.org/pere/blog/tags/kart">kart (7)</a></li>
 183
 184  <li><a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap (8)</a></li>
 185
 186  <li><a href="http://people.skolelinux.org/pere/blog/tags/lenker">lenker (4)</a></li>
 187
 188  <li><a href="http://people.skolelinux.org/pere/blog/tags/ltsp">ltsp (1)</a></li>
 189
 190  <li><a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia (11)</a></li>
 191
 192  <li><a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk (108)</a></li>
 193
 194  <li><a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug (116)</a></li>
 195
 196  <li><a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett (19)</a></li>
 197
 198  <li><a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern (35)</a></li>
 199
 200  <li><a href="http://people.skolelinux.org/pere/blog/tags/reprap">reprap (11)</a></li>
 201
 202  <li><a href="http://people.skolelinux.org/pere/blog/tags/rfid">rfid (2)</a></li>
 203
 204  <li><a href="http://people.skolelinux.org/pere/blog/tags/robot">robot (4)</a></li>
 205
 206  <li><a href="http://people.skolelinux.org/pere/blog/tags/rss">rss (1)</a></li>
 207
 208  <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (23)</a></li>
 209
 210  <li><a href="http://people.skolelinux.org/pere/blog/tags/sitesummary">sitesummary (3)</a></li>
 211
 212  <li><a href="http://people.skolelinux.org/pere/blog/tags/standard">standard (24)</a></li>
 213
 214  <li><a href="http://people.skolelinux.org/pere/blog/tags/stavekontroll">stavekontroll (1)</a></li>
 215
 216  <li><a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance (7)</a></li>
 217
 218  <li><a href="http://people.skolelinux.org/pere/blog/tags/video">video (19)</a></li>
 219
 220  <li><a href="http://people.skolelinux.org/pere/blog/tags/vitenskap">vitenskap (1)</a></li>
 221
 222  <li><a href="http://people.skolelinux.org/pere/blog/tags/web">web (14)</a></li>
 223
 224 </ul>
 225
 226 </div>
 227  </body>
 228 </html>