[nycbug-talk] Samba Kerberos Proxy
Johnny Lam
jlam at pkgsrc.org
Fri Jun 23 17:33:19 EDT 2006
swygue wrote:
> I am interested in setting up a samba box as proxy between my FreeBSD
> servers and Active Directory to provide kerberized logins. And I am
> interested in how others implemented a single sign-on environment by way
> of Microsoft Active Directory.
You don't need a Samba box at all. Just add the services (e.g. host,
imap, smtp, etc.) running on your FreeBSD box to your Active Directory
domain. The O'Reilly Kerberos book by Jason Garman is a good resource
for this type of mixed environment and has step-by-step examples on how
to do this. Then just kinit to get your tickets and start Kerberizing
your services.
Alternatively, you can fully integrate your FreeBSD server into your
Active Directory by installing Samba and using pam_winbind and
nss_winbind. Then the Active Directory becomes the centralized
management point for users and groups (no need to replicate the logins
in /etc/passwd on your FreeBSD box), and you can PAMify all of your
services. It's not single-sign-on because using PAM will still require
you to enter a password for each service you use, but your Windows and
FreeBSD boxes will all share the same users and passwords.
I do both of the above in production with all software installed from
pkgsrc, though I use NetBSD of course ;-)
Cheers,
-- Johnny Lam <jlam at pkgsrc.org>
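
The winbind route described in the reply above, as an added configuration example that is not part of the original message. The realm EXAMPLE.COM, the workgroup name, the ID range, the `idmap config` syntax (newer Samba releases) and the module path under /usr/local/lib are assumptions to adapt to your own site.

```ini
# ---- smb.conf (Samba as an Active Directory member, winbind enabled) ----
[global]
    # Constructed placeholder names; use your own AD domain and realm.
    workgroup = EXAMPLE
    realm = EXAMPLE.COM
    # Join as a domain member and authenticate against AD with Kerberos.
    security = ads
    # Map AD users and groups to local UID/GID numbers (assumed range).
    idmap config * : backend = tdb
    idmap config * : range = 10000-19999
    # Log in as "alice" rather than "EXAMPLE\alice".
    winbind use default domain = yes
    # AD accounts carry no Unix shell or home directory; supply defaults.
    template shell = /bin/sh
    template homedir = /home/%U

# ---- /etc/nsswitch.conf (nss_winbind: users and groups come from AD) ----
# Local files are consulted first, so root and system accounts keep
# working when the domain controller is unreachable.
passwd: files winbind
group: files winbind

# ---- /etc/pam.d/sshd (pam_winbind: password checked against AD) ----
# "sufficient" lets an AD password succeed here while local accounts
# fall through to the pam_unix lines already in the file.
auth     sufficient  /usr/local/lib/pam_winbind.so
account  sufficient  /usr/local/lib/pam_winbind.so
```

After joining the domain with `net ads join -U Administrator` and starting winbindd, `wbinfo -u` and `getent passwd` should list the AD accounts; if they do not, fix that before touching PAM.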