Anyone use Kerberos for authentication?

[Red Squirrel]

Been reading up on this and it sounds interesting. Basically I would have a kerberos server, and all other workstation/servers would authenticate through that. So rather than having local accounts and having to try to sync the user IDs and such, it would be like a windows domain environment. Also if you SSH into another machine since you're already authenticated you don't have to reenter the password. Would also make NFS more secure from what I'm reading.

Just curious if anyone here has such a setup, and how well it works. Any pro/cons, and things I need to watch out for?

Also do I need ldap, most of what I read mentions ldap too, but it almost sounds like kerberos on it's own would work too? Is ldap to allow windows machines to also be part of the network? As that's what AD basically uses.

 

[Crusty]

I think you can run Kerberos standalone with it's own server/datastore mechanism but IIRC it's a bit obtuse to manage directly. If you use something like OpenLDAP to manage your users and accounts, then you can Kerberos to provide network wide SSO for your Linux systems.

 

[Red Squirrel]

Oh I see, so ldap would basically make it so I can manage the accounts through there? Guessing there are some web based tools and such I can use? Guessing I can also manage user groups and such as well kinda like AD?

 

[Crusty]

Oh I see, so ldap would basically make it so I can manage the accounts through there? Guessing there are some web based tools and such I can use? Guessing I can also manage user groups and such as well kinda like AD?

Yeah that sounds correct. Active Directory really is just an implementation of LDAP+kerberos.