On Mon, 2004-09-27 at 19:26, Karl Latiss wrote:
> Maybe I'm missing something here, but with LDAP as a backend single sign-on seems to work just fine for Samba (and therefore Windows), email, FTP, you name it. I only have to manage the users in LDAP - no other DB at all.
There are issues with what attributes passwords are stored in, access to those passwords and what format they are in.
For example, Samba reads and uses the sambaNTPassword and sambaLMPassword, but OpenLDAP (and other applications) don't use these by default when authenticating a login. I'm not entirely sure what Dovecot wants to use, but it's likewise 'yet another password'. Oh, and I hate 'password sync' issues.
I have solutions I use to avoid all these problems (even Kerberos!), but they are not yet mainstream - what I'm doing here is trying to avoid another application that will 'break' without its own special password.
Andrew Bartlett
--
Andrew Bartlett abartlet@samba.org
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College abartlet@hawkerc.net