I have been rebuilding my home server machine (using Fedora 16) after having to replace the drive. Enough has changed in the packages I’m using (and enough was inadequate or just poorly understood about my previous configuration) that I opted to start more-or-less from scratch.
Kerberos + OpenLDAP + NFS. I want shared home directories (that just might be capable of roaming) and a shared address book. I am surprised that this remains so complicated and poorly documented. Well, calling it “poorly documented” isn’t entirely fair. The packages involved have ample documentation. But that documentation seems generally to be targeted at someone who has some interest in becoming an expert. I do not want to be an expert at this. There are some “how-to”-style guides written by some generous souls on the net; but most of them are out of date and/or cover slightly different scenarios and/or different Linux distributions (which can have nontrivially different default configurations of some packages).
In the face of this, I dipped my toe in FreeIPA. FreeIPA is a project that’s supposed to simplify a lot of this. But it’s not for me. My biggest problem with it is that it targets the enterprise use case and, as such, does a lot of things that I really don’t care about. I also didn’t care for the fact that, for management, it depends on a Web application that I couldn’t get to work anywhere but Firefox.
So, in spite of my frustration with OpenLDAP, I have opted to press forward with it. And my thick-headedness is finally bearing fruit. I have managed to get Kerberos and OpenLDAP playing nicely together, with Kerberos using LDAP for its database. I’ve even found an LDAP browser that doesn’t suck.
Write-ups on how to string this stuff together on modern Fedora will be forthcoming.