Tuesday, May 25, 2010

I was mistaken...

So I read up on Kerberos, LDAP and NFS. So Kerberos is an authentication protocol that allows you to authenticate users over a network, securely. LDAP is, as Wikipedia puts it, an "application protocol for querying and modifying data using directory services running over TCP/IP", an example of it being something like a telephone directory. NFS allows a user to access a directory on the network as if it were on their machine. So assuming everything was simple and went hunky-dory, here is how an SSO would lay out. (Oversimplified version up ahead!)

So there would be two servers on the network (you could run it all on three, or on one if you want things to be slow). One server would have Kerberos and LDAP. Every client would also have the Kerberos client installed. On the KL server (see the acronym there?) clients would authenticate using Kerberos. Once authenticated, LDAP would point to the NFS server, where the client would then mount the user's home directory, or whatever you want. Here's a nice article (written for Red Hat) that shows how to create a Kerberos, LDAP, NFS system.

Nice article.

One thing is I don't know what kind of budget Senior jelkner (yes jelkner) has or what kind of hardware would be necessary. I assume for the KL server you wouldn't need a powerful machine, but mounting the home directory of everyone in the class would be taxing on the NFS server and bandwidth hungry.
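
To make the "LDAP points to the NFS server" step concrete, here is an added example (not from the linked article or this post) that reads autofs-style automount entries from LDAP and checks whether each home-directory mount is actually protected by Kerberos. It assumes the RFC 2307bis automount schema (`automountKey`, `automountInformation`); the LDIF, host names and paths are constructed.

```python
# Added example: constructed LDIF; host names and paths are hypothetical.
SAMPLE_LDIF = """\
dn: automountKey=alice,automountMapName=auto.home,dc=example,dc=org
objectClass: automount
automountKey: alice
automountInformation: -fstype=nfs4,rw,sec=krb5p nfs.example.org:/export/home/alice

dn: automountKey=bob,automountMapName=auto.home,dc=example,dc=org
objectClass: automount
automountKey: bob
automountInformation: -fstype=nfs4,rw nfs.example.org:/export/home/bob
"""

KRB_FLAVORS = {"krb5", "krb5i", "krb5p"}  # auth only / +integrity / +privacy


def parse_ldif(text):
    """Parse simple LDIF (no folded or base64 lines) into attribute dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            entry.setdefault(name, []).append(value)
        entries.append(entry)
    return entries


def mount_plan(entry):
    """Turn one automount entry into mount parameters plus a Kerberos check."""
    info = entry["automountInformation"][0]
    opts, location = "", info
    if info.startswith("-"):  # autofs options come first, prefixed with '-'
        opts, _, location = info[1:].partition(" ")
    options = [o for o in opts.split(",") if o]
    server, _, export = location.strip().partition(":")
    # sec= takes a colon-separated flavor list; with none given, the mount may
    # negotiate sec=sys, where the server trusts the UID the client sends.
    sec = [o.split("=", 1)[1] for o in options if o.startswith("sec=")]
    flavors = sec[-1].split(":") if sec else []
    kerberized = bool(flavors) and all(f in KRB_FLAVORS for f in flavors)
    return {"user": entry["automountKey"][0], "server": server,
            "export": export, "options": options, "kerberized": kerberized}


if __name__ == "__main__":
    for plan in map(mount_plan, parse_ldif(SAMPLE_LDIF)):
        status = "ok" if plan["kerberized"] else "WARNING: not Kerberos-protected"
        print(f"{plan['user']}: {plan['server']}:{plan['export']} {status}")
```

The point of the check: logging in with Kerberos does not by itself protect the NFS traffic, so the mount (and the matching export on the server) has to request a `krb5` flavor.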

1 comment:

  1. *This* is a nice post! Much better than the two that follow. You know what I like: specific information (investigation), critical reflection (reflection), and well-designed experiments (investigation) -- all hopefully leading to a successful result.