Single sign-on
This is the ProgClub Single sign-on project. The idea is that users can login to our systems using a single username and password. For other projects see Projects.
Project status
Underway. Kerberos has been configured on charity, which is the KDC. Still need to configure NFS for user home directories, get LDAP working, and figure out what the PAM configuration should be.
Contributors
Members who have contributed to this project. Newest on top.
Copyright
Copyright 2011, Contributors. Licensed under the New BSD license.
Links
- Kerberos
- Kerberos: The Network Authentication Protocol
- Designing an Authentication System
- OpenSSH & Kerberos
TODO
Things to do, in rough order of priority:
- Investigate Svn/Kerberos integration (maybe via Apache?)
- Investigate MySQL/Kerberos integration
Done
Stuff that's done. Latest stuff on top.
- JE 2011-08-15: Configured /home mounts for hope and honesty to charity:/home
- JE 2011-08-15: Configured SSH logins to use Kerberos/LDAP on hope and honesty
- JE 2011-08-15: Configured /home NFS share on charity
- JE 2011-08-06: Installed OpenLDAP on charity
- JE 2011-08-04: Configured charity as the KDC
Kerberos
Ports for the KDC and Admin Services: The default ports used by Kerberos are port 88 for the KDC and port 749 for the admin server.
See Kerberos for ProgClub's Kerberos configuration.