[Andreas B. Mundt] > We want kerberos, but we don't want to get rid of old structures. So > we open one more field of activity, split forces and everybody > maintains and improves what he knows or prefers or whatever, > thereby, from time to time, breaking the stuff of the > colleague. Perhaps we can (and should) improve that point too.
What old structures are you talking about? We have switched all user login authentication from LDAP to Kerberos (except Gosa, which seem incapable of using Kerberos for user authentication), and I am not aware of anything but Gosa using LDAP authentication now. > However, to come back to the issue, the next step concerning > kerberos would be to switch to nfs4. I assume you are talking about user home directories and shared folders, and not the LTSP root mount, because LTSP do not support NFS4 yet, and Kerberos based mounting is not really sensible for stateless machines. So we will end up with NFS3 and and NFS4 if we get NFS4 working for home directories. But I would love ot get user home directory mounting away from netgroup and IP based authentication. To me the next step with Kerberos would be to get Gosa, CUPS and Nagios to use Kerberos tickets when logging in to get rid of the last LDAP authentication user and ensure single signon for more services. Happy hacking, -- Petter Reinholdtsen -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110106112402.gk...@login1.uio.no
