From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: tuhs-bounces@minnie.tuhs.org X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=0.6 required=5.0 tests=MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE,SUBJ_ALL_CAPS autolearn=no autolearn_force=no version=3.4.2 Received: from minnie.tuhs.org (minnie.tuhs.org [45.79.103.53]) by inbox.vuxu.org (OpenSMTPD) with ESMTP id 1a2d53a0 for ; Mon, 5 Nov 2018 23:31:53 +0000 (UTC) Received: by minnie.tuhs.org (Postfix, from userid 112) id 60D8AA2431; Tue, 6 Nov 2018 09:31:51 +1000 (AEST) Received: from minnie.tuhs.org (localhost [127.0.0.1]) by minnie.tuhs.org (Postfix) with ESMTP id 8CCCEA1FBC; Tue, 6 Nov 2018 09:31:25 +1000 (AEST) Received: by minnie.tuhs.org (Postfix, from userid 112) id 49293A2162; Tue, 6 Nov 2018 07:44:02 +1000 (AEST) Received: from post.cogs.com (post.cogs.com [72.43.6.86]) by minnie.tuhs.org (Postfix) with ESMTPS id D546AA1FBC for ; Tue, 6 Nov 2018 07:44:01 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by post.cogs.com (Postfix) with ESMTP id C7F451017FD5E8; Mon, 5 Nov 2018 16:44:00 -0500 (EST) X-Virus-Scanned: amavisd-new at cogs.com Received: from post.cogs.com ([127.0.0.1]) by localhost (post.cogs.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id JKGhr7_XHKdS; Mon, 5 Nov 2018 16:44:00 -0500 (EST) Received: from rrcs-108-176-86-106.nys.biz.rr.com (rrcs-108-176-86-106.nys.biz.rr.com [108.176.86.106]) by post.cogs.com (Postfix) with ESMTPSA id 5698F1017FD5DF; Mon, 5 Nov 2018 16:44:00 -0500 (EST) Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 12.1 \(3445.100.43\)) Date: Mon, 5 Nov 2018 16:43:59 -0500 References: <0289fa26-d157-8a65-389e-61dd7a01fcc4@spamtrap.tnetconsulting.net> To: Grant Taylor , Grant Taylor via TUHS In-Reply-To: <0289fa26-d157-8a65-389e-61dd7a01fcc4@spamtrap.tnetconsulting.net> Message-Id: X-Mailer: Apple Mail (2.3445.100.43) Subject: Re: [TUHS] YP / NIS / NIS+ / LDAP X-BeenThere: tuhs@minnie.tuhs.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: The Unix Heritage Society mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Ben Greenfield via TUHS Reply-To: Ben Greenfield Errors-To: tuhs-bounces@minnie.tuhs.org Sender: "TUHS" > On Nov 5, 2018, at 2:36 PM, Grant Taylor via TUHS = wrote: >=20 > On 11/05/2018 12:24 AM, Mantas Mikul=C4=97nas wrote: >> Let the client handle authentication via Kerberos >=20 > I don't know enough about Kerberos (yet) to know if it would be = possible for a login process to communicate with the KDC and get a TGT = as part of logging in, without already being logged in. >=20 > My ignorance is leaving me with a priming problem that seems like a = catch 22. You can't login without shadow information or TGT. But = traditional (simpler) kinit is run after being logged in. So ... how do = you detangle that? The only thing that I can come up with is that the = login process does the kinit functionality on the users behalf. I found that I had to do all of this using SASL.=20 I remember it as SASL would handle the kerberization during boot up = getting tickets for each LDAP entry that you wanted mapped to a service = on that client. I could be wrong but I think SASL seems to be way connect services on = Linux with LDAP that are served kerberized. Thanks, Ben >=20 > I can see how NIS(+) sans-shadow could still be useful. I can also = see how LDAP could be a close approximation / replacement for NIS(+) in = this case. >=20 >=20 >=20 > --=20 > Grant. . . . > unix || die >=20