Re: ldap and Kerberos



You can use netgroups within LDAP to control who can login to what
server..



Jon



From: IBM AIX Discussion List [mailto:aix-l@xxxxxxxxxxxxx] On Behalf Of
AIX
Sent: Thursday, August 27, 2009 10:02 AM
To: aix-l@xxxxxxxxxxxxx
Subject: Re: ldap and Kerberos



This is a usual question that I have been asked :



In case we create a user in LDAP, how we can restrict the user to access
only few servers.

I believe that is the place Kerberos come to play.



Is there any other solution to restrict users accessing servers that are
using LDAP ?





From: IBM AIX Discussion List [mailto:aix-l@xxxxxxxxxxxxx] On Behalf Of
Mills, John T
Sent: Thursday, August 27, 2009 9:31 AM
To: aix-l@xxxxxxxxxxxxx
Subject: Re: ldap and Kerberos



If run in conjunction with AD, kerberized ldap installs will allow full
use of account administration. Without kerberos, you can pull the
password for authentication only.



John T. Mills



________________________________

From: IBM AIX Discussion List [mailto:aix-l@xxxxxxxxxxxxx] On Behalf Of
Tansley, David
Sent: Thursday, August 27, 2009 8:51 AM
To: aix-l@xxxxxxxxxxxxx
Subject: ldap and Kerberos

Hello.

Can someone explain the benefits if any ,of running Kerberos and ldap
together, instead of just using ldap ( TDS) for authentication.



Thanks

DT





David Tansley

Email: david.tansley@xxxxxxxxxxxx








____________________________________________________________________
This email is intended for the designated recipient(s) only, and may be
confidential, non-public, proprietary, protected by the attorney/client
or other privilege. Unauthorized reading, distribution, copying or other
use of this communication is prohibited and may be unlawful. Receipt by
anyone other than the intended recipient(s) should not be deemed a
waiver of any privilege or protection. If you are not the intended
recipient or if you believe that you have received this email in error,
please notify the sender immediately and delete all copies from your
computer system without reading, saving, or using it in any manner.
Although it has been checked for viruses and other malicious software
("malware"), we do not warrant, represent or guarantee in any way that
this communication is free of malware or potentially damaging defects.
All liability for any actual or alleged loss, damage, or injury arising
out of or resulting in any way from the receipt, opening or use of this
email is expressly disclaimed.
______________________________________________________________________