Kerberos is fully wired into Linux distributions, is already used at large sites, and is increasingly widely used outside its traditional base. As you point out, there's also Samba ADS. I don't think you could seriously think of omitting to cover it.
The original task suggestion (as I saw it on this list) did cover one aspect of LDAP integration, ie SASL. Other kinds of LDAP integration, apart from "join MS AD domain using Samba" would I think be more prescriptive than descriptive, though maybe there could be tasks that require understanding of the relation between LDAP notions of user accounts (ie, posixaccount) or just people (eg, person, inetorgperson) and Kerberos principals? That would be universally applicable. (Noting that some very large sites that use both LDAP and Kerberos, don't publish Unix user accounts from LDAP, for a variety of reasons, while others do.)
Matt
Les Bell wrote:
I'm undecided on the value of Kerberos - except for the implementation inside MS ADS, it hasn't caught on outside the US, and I seem to recall that the OpenSSL project has been discussing dropping support for it?
If we *do* do Kerberos, would it be worthwhile integrating it with LDAP, as that's how it's most often seen, AFAIK?
Best,
--- Les Bell, RHCE, CISSP [http://www.lesbell.com.au]
_______________________________________________ lpi-examdev mailing list [EMAIL PROTECTED] http://list.lpi.org/mailman/listinfo/lpi-examdev
_______________________________________________ lpi-examdev mailing list [EMAIL PROTECTED] http://list.lpi.org/mailman/listinfo/lpi-examdev
