This is the ProgClub Single sign-on project. The idea is that users can login to our systems using a single username and password. For other projects see Projects.
Done! Kerberos has been configured on charity, which is the KDC. An NFS share for users' home directories has been configured on charity. Hope and honesty have been configured with an appropriate Kerberos/LDAP/PAM client configuration. Svn access to the read-write member's only version of pcrepo has been secured with Kerberos integration (via Apache and HTTPS).
Members who have contributed to this project. Newest on top.
All contributors have agreed to the terms of the Contributor License Agreement. This excludes any upstream contributors who tend to have different administrative frameworks.
- Kerberos: The Network Authentication Protocol
- Designing an Authentication System
- OpenSSH & Kerberos
Things to do, in rough order of priority:
- Investigate MySQL/Kerberos integration
Stuff that's done. Latest stuff on top.
- JE 2011-08-16: Integrated svn with Kerberos (via Apache)
- JE 2011-08-15: Configured /home mounts for hope and honesty to charity:/home
- JE 2011-08-15: Configured SSH logins to use Kerberos/LDAP on hope and honesty
- JE 2011-08-15: Configured /home NFS share on charity
- JE 2011-08-06: Installed OpenLDAP on charity
- JE 2011-08-04: Configured charity as the KDC
Ports for the KDC and Admin Services: The default ports used by Kerberos are port 88 for the KDC and port 749 for the admin server.
See Kerberos for ProgClub's Kerberos configuration.