[KLUG Members] Distributed Authentication
Adam Williams
members@kalamazoolinux.org
Wed, 19 Feb 2003 11:10:56 -0500 (EST)
>I have 4 sites all running RH7.3 and Samba, connected to the Internet.
>What I'm looking to do is somehow not have to manage all the usernames
>and passwords separately from each site. I'd like to have them sync
>through the Internet. Right now I just use passwd with shadow passwords
>and smbpasswd for user access. Right now only one server hosts email using
>Sendmail. Everyone IMAPs into this server to get their mail. My users are
>running Win95 through WinXP and a few RH8 Workstations.
Are you using VPNs to connect the networks at the different sites?
>I was thinking of two solutions: NIS or LDAP.
Not NIS, over the internet, no way.
LDAP can do what you want. Replication isn't a problem, and can be
encrypted. Just be sure to use a strong authorization scheme between the
master slurpd and the replicant slapds.
>Ideally I would only have to add a user once and they would have access
>to all Samba servers and an email address. They would also have only one
>password synchronized throughout the system.
That's LDAP.
>Has anybody done this?
Yep.
>Which system should I use?
OpenLDAP.
>Any recommendation, pointers, or suggestion would be helpful.
ftp://ftp.kalamazoolinux.org/pub/pdf/ldapv3.pdf
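
An added illustration of the advice above on encrypting replication and authenticating the master's slurpd to the replica slapds (this is not part of the original message or the linked PDF): a small Python check over the `replica` directives in a master's slapd.conf. The option names (`host`, `uri`, `tls`/`starttls`, `bindmethod`, `binddn`, `credentials`) are assumed from slapd.conf(5) of OpenLDAP 2.x and differ between versions; the sample config, hosts and DNs are constructed.

```python
import shlex

# Constructed sample of a master's slapd.conf (hosts, DNs and password are made up).
SAMPLE_CONF = '''\
suffix "dc=example,dc=org"
replogfile /var/lib/ldap/replog
replica host=site2.example.org:389
        binddn="cn=replicator,dc=example,dc=org"
        bindmethod=simple credentials=secret
replica uri=ldap://site3.example.org
        starttls=critical
        binddn="cn=replicator,dc=example,dc=org"
        bindmethod=simple credentials=secret
replica uri=ldaps://site4.example.org
        bindmethod=sasl saslmech=GSSAPI
'''

def logical_lines(text):
    """Join slapd.conf continuation lines (leading whitespace) and drop comments."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit_replicas(text):
    """Return {replica target: [findings]} for every replica directive."""
    report = {}
    for line in logical_lines(text):
        words = shlex.split(line)
        if words[0].lower() != "replica":
            continue
        opts = {k.lower(): v for k, v in
                (w.split("=", 1) for w in words[1:] if "=" in w)}
        target = opts.get("uri") or opts.get("host", "?")
        # Assumption: only "critical" aborts the session when StartTLS fails.
        tls = (opts.get("starttls") or opts.get("tls", "")).lower()
        encrypted = target.lower().startswith("ldaps://") or tls == "critical"
        findings = []
        if not encrypted:
            findings.append("replication traffic is not forced onto TLS")
            if opts.get("bindmethod", "").lower() == "simple":
                findings.append("simple bind sends the replicator password in clear")
        report[target] = findings
    return report
```

Calling `audit_replicas()` on the text of a real slapd.conf returns an empty finding list for each replica whose link is forced onto TLS.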