I was a guest presenter at CCSF (City College of San Francisco) for a CNIT 270 Linux Network Administration course. My topic was Single Sign On. I found that this topic is immense and felt challenged to organize the material as well as relate it to the students.
Many were overwhelmed and some seemed bored at points, while a few were familiar with the topics and had some good questions. I organized the sections as:
- Business Case
- System Admin. Configuration
- Network Admin. Configuration
- Final Notes
The students asked some great questions (answers and links indented):
- Writing scripts and leveraging off of Kerberos authentication?
- Perl has modules that support SASL
- SASL supports Kerberos authentication
- Policies and Automation like Active Directory's Group Policy Objects?
- Change Configuration area has two popular tools:
- cfengine - http://www.cfengine.org/
- puppet - http://www.puppetlabs.com/
- How Kerberos is configured to setup file permissions?
- This is area under authorization
- File permissions can use POSIX ACLs
- Reference:
- NFSv4 - http://www.nfsv4.org/
- Andrew File System (OpenAFS) - http://www.openafs.org/
- CIFS (SAMBA) - http://www.samba.org/ and http://www.snia.org/tech_activities/CIFS/
- Postgres support?
- Authentication section in Postgres documentation has details
- Apache support?
- module referenced in presentation has support
- Scalability/Performance?
- needs to be tested to find trade-offs
- commercial solutions scale better, but small setup should be fine
No comments:
Post a Comment