speedy zinc wrote:
Thanks for replying.
--- Rich Megginson <rmeggins(a)redhat.com> wrote:
>>Or does that
>>mean I need to setup a kerberos server and use RHDS
>>
>>
>as
>
>
>>the backend for user information?
>>
>>
>>
>>
>Yes. When you use kinit to acquire your ticket, you
>can use that ticket
>to authenticate to the directory server.
>
>
>
So, if I understand what you're saying, the directory
server is acting as the TGS?
No. You have to set up the usual Kerberos TGS. The directory server
merely uses the tickets, like any other server/service.
I'm going to setup a kerberos tonight. Which one works
better with FDS? MIT or Heimdal?
I'm not sure. The instructions we have in our docs are geared towards
MIT, but Heimdal may work just fine.
>>And this one:
>>- Impersonation (proxy) for multi-tier client
>>applications.
>>
>>Could someone explain what does it mean and how can
>>
>>
>it
>
>
>>be used?
>>
>>
>>
>>
>Sure. This is most often used with web apps or
>other apps that set up a
>pool of connections to the directory server. Each
>connection in the
>pool is bound as a proxy user. When a real user
>wants to authenticate,
>the proxy connection passes the real user's bind
>credentials to the
>directory server using the proxy auth control.
>
>
>
Oh, ok. I was thinking about something else :)
It can also mean chaining. You can set up the directory server to use
another directory server as a database - what we refer to as a chaining
backend or database in our docs. The use of a directory server to act
as a "front-end" to another directory server is also called a proxy.
sz
__________________________________
Yahoo! Mail - PC Magazine Editors' Choice 2005
http://mail.yahoo.com
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users