--- Mark Campbell <[EMAIL PROTECTED]> wrote:
> When you ask about nagios support are you asking about authentication to

I'm referring to nagios authentication of restricted pages, but it's more of a webserver/browser negotiation problem, as others have already mentioned.

> the nagios interface or monitoring a KDC? If you are asking about
> monitoring I have written a plug in for nagios that monitors our KDCs
> here. I am sure I could share.

Thanks! Your plugin is interesting, I'll be looking forward to obtaining it when we already have our kdc configured.

> Mark
>
> jay alvarez wrote:
>
> >Good day,
> >
> >We had a meeting last time regarding the need for a centralized
> >authentication in our agency. Everyone except me was looking into
> >using an ldap directory. I insisted to them that if we were to use
> >ldap for sole authentication purpose, ldap was not designed for it,
> >and we should be considering the use of kerberos instead. But I told
> >them that there is a catch: if we were to use kerberos, we must find
> >kerberized versions for those network services we wish to use the
> >kerberos authentication. In short, other custom made apps, such as
> >web applications, must find a way to know how to interact with
> >kerberos. On the other hand, doing some research of my own, ldap
> >support for popular services seems to be more available than that
> >with kerberos support. At the end of our meeting, we have agreed upon
> >the accounting of our services which requires authentication and
> >finding out if it supports authentication through ldap (since we
> >still need the directory functions of ldap).
> >
> >But my problem is this, I've been reading a lot of discussion
> >regarding the use of kerberos authentication, its strength against
> >other mechanisms, the whole protocol itself and I'm pretty much
> >convinced that for authentication, kerberos is the only way to go.
> >In short, I'm still looking forward to using kerberos in our network
> >services authentication instead of ldap, which leads me to a bigger
> >problem. Will it be achievable for the following services?:
> >
> >jabberd2 (by just looking at its config file, it definitely supports
> >ldap, not sure with kerberos)
> >
> >Nagios server monitoring (I've heard some discussions regarding its
> >ldap support, not sure with kerberos)
> >
> >rt3 TTS (also read some ldap support, not sure with kerberos)
> >
> >email (qmail or postfix) I just bumped into a document saying postfix
> >supports sasl/gssapi, and qmail has a qmail-ldap version but not sure
> >with qmail-kerberos.
> >
> >ssh (I saw its sshd_config and it has an option for kerberos
> >authentication)
> >
> >Unix login (I'm also quite sure it supports being kerberized)
> >
> >radius wifi login (ldap support, also not sure with kerberos)
> >
> >ftp (although kerberos provides kerberized ftpd, we are currently
> >using ProFTP, no idea if it supports kerberos authentication)
> >
> >samba (we are using snap server. It's an appliance which, if it
> >doesn't support kerberos, there's no way to tweak it, I guess.)
> >
> >web apps (I've read some docs regarding apache modules for kerberos,
> >some patches for some web browser to support kerberos authentication
> >and also some rfcs which discuss adding kerberos mech to the SSL/TLS
> >protocol.)
> >
> >openldap directory (it definitely supports kerberos)
> >
> >Summary of apps that I'm SURE it has kerberos support:
> >postfix
> >ssh
> >unix logins
> >ldap
> >
> >Summary of apps that I'm NOT SURE if it has kerberos support:
> >
> >jabberd2
> >webapps
> >samba (Snap server)
> >radius
> >rt
> >nagios
> >
> >Our bosses rely on best practices most of the time, such as using
> >the most widely used email server, ftp, etc. If only I can convince
> >them of the ease of having a rock-solid single sign-on environment
> >kerberos has to offer, which I think I can, I'm sure it would be easy
> >to convince them to use other software alternatives if it supports
> >kerberos rather than those popular ones which lack it.
> >
> >My huge problem is, will it be achievable for those services I have
> >mentioned above? IMO, I don't see any sense in kerberizing some of
> >the services while others are still authenticating through ldap, do
> >you?
> >
> >What do you think?
> >
> >Thanks!
> >-jay
> >
> >________________________________________________
> >Kerberos mailing list Kerberos@mit.edu
> >https://mailman.mit.edu/mailman/listinfo/kerberos