[debian-lan-devel] Debian-LAN: installing a complete network environment

[Nico Kadel-Garcia]

I've been working with both Kerberos and Samba for 20 years. Writing "Yet
Another Authentication Management Tool(tm)" sounds unappealing, since there
are so many well established and tested ones. I'm actually curious what you
found inadequate about Samba, especially if you used the 4.0.x releases
which have stabilized the LDAP/Kerberos interactions in effective
cross-platform ways.

Now, if our friends over in Debian wanted to improve an underlying Kerberos
tool that's used for both Debian and Scientific Linux and other red Hat
based systems, I'd look at the "authconfig" tool and its /etc/pam.d
interactions, which are very flexible and not well managed. *Try* using
"authconfig" to delete the default enabled "example.com" Kerberos domain
from /etc/krb5.conf, or to manage integraiton with upstream Kerberos
domains, I dare you, Or try preventing "authconfig" from resetting values
which you didn't put in the command line, or getting it to load from an
actual configuration file, or to enable local password expiration. It gets
crazy out there!

But that's not a Kerberos problem, that's an authconfig and pam.d managemnt
problem.


On Fri, Oct 4, 2013 at 11:13 PM, Darko Gavrilovic <d.gavrilovic at gmail.com>wrote:


> To each his own. I actually like the post and his project idea. Also,
> claiming that Samba is the be all and end all to all enterprise client
> scenarios out there is a little over stating it. On more a few times
> have we have to drop Samba as it proved to be inadequate for the
> situation.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/debian-lan-devel/attachments/20131005/a8ce0ac4/attachment.html>