[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenSSL + Kerberos + Cyrus-SASL + OpenLDAP



Quanah Gibson-Mount <quanah@stanford.edu> wrote:
> 
> --On Sunday, October 12, 2003 10:02 AM -0400 Jim Seymour 
> <jseymour@LinxNet.com> wrote:
> 
> > My plan is the evaluate whether I can replace the rather disjointed
> > authentication and directory mechanisms we have in place at work (NIS+,
> > separate Samba passwd file, maybe even address books) with LDAP.
> 
> We run OpenLDAP with OpenSSL, Kerberos, Cyrus-SASL & OpenLDAP.  We have 
> used it to replace our NIS service on Solaris, Linux, and Mac OS X boxes.

Great!

> 
> > Now for the current burning question I have.
> >
> > In order to do what I'm trying to do, *is* it necessary to build
> > OpenSSL *itself* with Kerberos support?
> 
> No.  And when you build OpenLDAP with Kerberos support, make sure you use 
> Heimdal K5 and not MIT K5 at this time.  I'm currently in contact with 
> folks at MIT to improve their thread support, but have no ETA on when any 
> of that will be in place.

Very well.  MIT Kerberos removed.  I'm building Heimdal Kerberos even
as I type this.  (Too bad Heimdal doesn't appear to have the extensive
self-test stuff MIT Kerberos has.)

I'm *assuming* I should build and install Kerberos before OpenLDAP?  Or
doesn't it matter?  I note Heimdal Kerberos has a --with-openldap
configure switch, but it looks like that's to allow Heimdal Kerberos to
store its data in an OpenLDAP database, rather than its own dbd.

Thanks for the quick follow-up and info, btw.

-- 
Jim Seymour                  | PGP Public Key available at:
jseymour@LinxNet.com         | http://www.uk.pgp.net/pgpnet/pks-commands.html
http://jimsun.LinxNet.com    |