Final Thoughts
| | ||
| | ||
| | ||
Making Linux and Windows share files can really be a challenge. As we've explored, the Linux camp is diligently working on making Linux more compatible with Windows . Ideally, full Kerberization of all key file services ( especially for Samba) will occur. That way, a user who logs into a Linux machine using an Active Directory domain account will have 100 percent seamless integration with existing Windows file servers across the entire domain, only needing to log on once.
But as of today, it just isn't there. For the time being, file sharing between Linux and Windows definitely works, but the potential for true single-sign-on for Linux clients remains largely unrealized. Redundant password prompts abound and currently the " keyring " features are only a band -aid. Kerberization is the wave of the future.
I'm not saying we should give up hope. There's plenty of additional resources to check out when it comes to Kerberos and interoperability. And initial support for it has already appeared in the latest development versions of the GNOME desktop on which Fedora's desktop is built.
| |
We've seen Kerberos in the last several chapters. And, at this point in the book, we'll be putting Kerberos to bed. Here are some suggested avenues for additional reading about the potential for Kerberos interoperability that we weren't able to delve in to.
Windows 2000 Kerberos Authentication This document introduces how Kerberos is implemented on Windows 2000 (and Active Directory in general). The material here is largely kosher for Windows 2003 as well. Find the doc at www.microsoft.com/windows2000/techinfo/howitworks/security/kerberos.asp .
Windows 2000 Kerberos Interoperability and Step-by-Step Guide to Kerberos 5 (krb5 1.0) Interoperability These documents really show you how to perform cross-realm compatibility with an existing Kerberos realm. Start at www.microsoft.com/windows2000/techinfo/howitworks/security/kerbint.asp and continue onward to www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp .
Centralized User Management with Kerberos and LDAP If you're planning on using LDAP as the repository for the accounts and want a second opinion on how to Kerberize it, a great article is at www.samag.com/documents/s=9494/sam0502a/0502a.htm .
| |
| | ||
| | ||
| | ||
EAN: N/A
Pages: 71