Coda File System

Re: coda / ldap

From: Ivan Popov <pin_at_medic.chalmers.se>
Date: Mon, 9 May 2005 11:13:51 +0200

On Mon, May 09, 2005 at 10:36:27AM +0200, Ivan Popov wrote:
> LDAP is not an authentication service, rather a directory one.
> Coda does not use it.

I should have said that Coda has a modular login mechanism, so
you can e.g. use password hashes to authenticate against Coda, if it
happens to be your authentication data.

There is no such module yet, but it would be rather trivial to write.
The problem with this method is that you would need to send the password
from the client to the Coda authentication server in the clear.
It can be worked around by using SSL or other means of encryption but
in general it should not be considered as a good option.

Moving your user database to Kerberos is a more flexible and usable solution
in the long run. It is also transparently usable by Coda.

The Coda user database is implemented internally by Coda servers.
Theoretically it can be implemented with an LDAP server as a backend,
but LDAP is definitely not the most suitable backend for that purpose.

There is no need (nor possibility) to share a Coda realm user database with
Coda clients, as a client host view of user ids is incompatible with
the Coda ids which are global.

Authentication and authorization for purposes of logging in to a host
(right to run processes on the host) have in general not much to do with
a right to access some objects on a global file system.
NFS confuses the two things, which does not imply that its approach
is a "right" one... :(

Regards,
--
Ivan
Received on 2005-05-09 05:14:57