[Infrastructures] user management (mixing afs,ldap,kerberos)
Sean Kelly
smkelly@rooster.creighton.edu
Wed, 9 Mar 2005 11:06:43 -0600
On Wed, Mar 09, 2005 at 01:22:49PM +0100, Rudy Gevaert wrote:
> I'm doing my masters thesis about "Infrastructure management with Free
> Software".
>
> The paper on the website has been my starting point and I'm
> investigating how to put it all together.
>
> I have a question about user management.
>
> NIS and NFS are tightly coupled. And seem to be a good duo, if you
> neglect the security problems with NIS and NFS. Also NFS isn't a good
> distributed file system. It's better to replace NIS with LDAP.
>
> A better option is AFS. And I'm now trying to get that to work. But
> for AFS you need Kerberos. And if I'm correct you still need
> something like NIS or LDAP (let us use LDAP). How can you now easily
> manage Kerberos and LDAP? For each LDAP user you need a Kerberos
> principal, right?
>
> Any suggestions to this, or other suggestions are more than welcome.
I am also interested in this area, since I'm looking at deploying an
infrastructure just like you describe (AFS, etc). Areas I've been looking
at are MIT's Project Athena (where Kerberos came from), Iowa State's
Project Vincent, and other similar things. These two actually use Hesiod as
a directory service. Hesiod is DNS-based, which is an interesting approach.
I am looking for reading material in this area, so if you have anything to
suggest please let me know. I recently got a book titled:
Managing AFS by Richard Campbell
However, I'm in the market for a book that shows how to combine
LDAP/NIS/Hesiod, Krb5, and AFS seamlessly.
--
Sean M. Kelly
Assistant Unix Administrator/Programmer
Division of Information Technology
Creighton University
(402) 280-2264