[Andreas B. Mundt] > Does this mean we can't split ldap-server and kdc-server? Or is this > a bad idea anyway?
I suspect that is what it mean. On the other hand, using a unix domain socket might be a good idea to avoid having to store a admin password in clear text on the disk, and it might make it easier to bootstrap the Kerberos-LDAP setup automatically during installation. I do not know enought about Kerberos implementations to say which one is best for us. MIT and Heimdal Kerberos seem to be the most used, while shishi seem interesting too, but [1] make me suspect the project is sleeping/dead. They seem to have different problems and advantages, and I hope you are able to figure out which one is best for Debian Edu. 1 http://www.gnu.org/software/shishi/ Happy hacking, -- Petter Reinholdtsen -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100501172603.gi12...@login2.uio.no