It was easier than setting up the SSL cert for LDAP and I was also 
trying to see how tough it would be to use this method to integrate with 
windows authentication.  It's also easy to integrate with Apache, which 
is something else I needed.

Eric F Crist wrote:
> Why not just use LDAP for authentication, too, at that point?
>
>
> On Mar 25, 2008, at 6:27 PM, Jon Schewe wrote:
>> I've done something a little larger, up to 50 users and found that a
>> hybrid kerberos & LDAP approach worked reasonably well.  Kerberos is
>> used for authentication and LDAP is used for the home directory and
>> group info.
>>
>> Some pointers are here: http://del.icio.us/jpschewe/lug.auth  Some of
>> these links are related integrating with windows since active directory
>> uses kerberos.
>>
>> Mark Mitchell wrote:
>>> My current network looks like this;
>>> 1. A 'file server' running Debian Stable exporting a media share and
>>> home directories via nfs.  Samba was working on here the last time I
>>> had a windows machine on the network.,
>>> 2, My old desktop running Debian testing,
>>> 3, My new desktop running Kubuntu.  (Thanks, Samir)
>>> 4, I will soon be adding a windows XP machine, that will need to have
>>> access to at least the samba share on the 'file server'.
>>>
>>> I have 4 users. (Parents and two kids), right now, all 4 users have an
>>> account on the old desktop.  I just remembered, I might have a couple
>>> logins on the file server for friends to log in from outside the
>>> network.  Rarely used, SSH only.
>>>
>>> Keeping /etc/hosts and uid/gid information has become unwieldy. I know
>>> my nfs share is a permissions mess right now, but I need to get the
>>> uid/gid information synced across all the machines before I really
>>> have a hope of getting that cleaned up.
>>>
>>> What system should I learn about that best fits my network size and
>>> the scope of the problem?  LDAP? NIS? rsyncing the appropriate files
>>> from a common place?
>>>
>>> Pointers appreciated.
>>>
>>> Mark
>>>
>>> _______________________________________________
>>> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
>>> tclug-list at mn-linux.org
>>> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>>>
>>
>> -- 
>> Jon Schewe | http://mtu.net/~jpschewe
>> If you see an attachment named signature.asc, this is my digital
>> signature.
>> See http://www.gnupg.org for more information.
>>
>> For I am convinced that neither death nor life, neither angels
>> nor demons, neither the present nor the future, nor any
>> powers, neither height nor depth, nor anything else in all
>> creation, will be able to separate us from the love of God that
>> is in Christ Jesus our Lord. - Romans 8:38-39
>>
>>
>> _______________________________________________
>> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
>> tclug-list at mn-linux.org
>> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>
> -----
> Eric F Crist
> Secure Computing Networks
>

-- 
Jon Schewe | http://mtu.net/~jpschewe
If you see an attachment named signature.asc, this is my digital
signature.
See http://www.gnupg.org for more information.

For I am convinced that neither death nor life, neither angels 
nor demons, neither the present nor the future, nor any 
powers, neither height nor depth, nor anything else in all 
creation, will be able to separate us from the love of God that 
is in Christ Jesus our Lord. - Romans 8:38-39