[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: OpenSSL + Kerberos + Cyrus-SASL + OpenLDAP
Quanah Gibson-Mount <quanah@stanford.edu> wrote:
>
> --On Sunday, October 12, 2003 10:02 AM -0400 Jim Seymour
> <jseymour@LinxNet.com> wrote:
>
> > My plan is the evaluate whether I can replace the rather disjointed
> > authentication and directory mechanisms we have in place at work (NIS+,
> > separate Samba passwd file, maybe even address books) with LDAP.
>
> We run OpenLDAP with OpenSSL, Kerberos, Cyrus-SASL & OpenLDAP. We have
> used it to replace our NIS service on Solaris, Linux, and Mac OS X boxes.
Great!
>
> > Now for the current burning question I have.
> >
> > In order to do what I'm trying to do, *is* it necessary to build
> > OpenSSL *itself* with Kerberos support?
>
> No. And when you build OpenLDAP with Kerberos support, make sure you use
> Heimdal K5 and not MIT K5 at this time. I'm currently in contact with
> folks at MIT to improve their thread support, but have no ETA on when any
> of that will be in place.
Very well. MIT Kerberos removed. I'm building Heimdal Kerberos even
as I type this. (Too bad Heimdal doesn't appear to have the extensive
self-test stuff MIT Kerberos has.)
I'm *assuming* I should build and install Kerberos before OpenLDAP? Or
doesn't it matter? I note Heimdal Kerberos has a --with-openldap
configure switch, but it looks like that's to allow Heimdal Kerberos to
store its data in an OpenLDAP database, rather than its own dbd.
Thanks for the quick follow-up and info, btw.
--
Jim Seymour | PGP Public Key available at:
jseymour@LinxNet.com | http://www.uk.pgp.net/pgpnet/pks-commands.html
http://jimsun.LinxNet.com |