
Re: LDAP+Kerberos



Ng Chin Leong [05/12/03 08:43 +0800]:
> Hello,
> I have set up a RedHat LDAP server for authentication among Linux clients
> but now I would like to integrate it for single sign-on using Kerberos.
> I know that configuring Heimdal or Kerberos V with LDAP could do the
> job but just have no idea how to start. I even have problems compiling
> with the options from source. Would appreciate it if anyone would suggest
> a good site for me to start.
> 

I only have experience with OpenLDAP 2.0 and SASL 1.5, but what you'll
probably need to do is compile OpenLDAP with SASL support and do Kerberos
authentication over GSSAPI with the SASL GSSAPI module.  You should really
only need to compile LDAP with Kerberos support if you need to map
userPassword attributes to Kerberos principals (for instance, so clients can
do simple binds to the directory using their Kerberos password.)  As for
resources, check out http://www.bayour.com/LDAPv3-HOWTO.html for a good
overview as to how to get it up and running, although that guide deals only
with OpenLDAP 2.0 and SASL 1.5.

> Cheers,
> Chin Leong
> 

-- 
Chris Schadl
cschadl@satan.org.uk
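
A quick check that a slapd built with SASL support actually advertises GSSAPI, added here as an example and not part of the original message. The hostname and realm in the comments are placeholders, and the root DSE output is constructed sample data so the script runs offline.

```shell
#!/bin/sh
# Manual steps this check sits between (they need a live slapd and KDC):
#   ./configure --with-cyrus-sasl      # build OpenLDAP against Cyrus SASL
#   ldapsearch -x -H ldap://ldap.example.com -b "" -s base supportedSASLMechanisms
#   kinit user@EXAMPLE.COM             # obtain a ticket
#   ldapsearch -Y GSSAPI -H ldap://ldap.example.com -b "" -s base

# Print the SASL mechanisms found in root DSE LDIF on stdin, one per line.
# Attribute names are case-insensitive in LDAP, so compare in lower case.
sasl_mechs() {
    awk -F': *' 'tolower($1) == "supportedsaslmechanisms" && $2 != "" {
        print toupper($2)
    }'
}

# Exit status 0 if GSSAPI is advertised, 1 otherwise. Cleartext-password
# mechanisms are reported on stderr because they bypass Kerberos entirely.
check_gssapi() {
    mechs=$(sasl_mechs)
    status=1
    for m in $mechs; do
        case "$m" in
            GSSAPI) status=0 ;;
            PLAIN|LOGIN) echo "note: $m also offered; require TLS if kept" >&2 ;;
        esac
    done
    return $status
}

# Constructed sample root DSE replies (not captured from a real server).
SAMPLE_WITH_GSSAPI='dn:
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5'

SAMPLE_WITHOUT_GSSAPI='dn:
supportedsaslmechanisms: DIGEST-MD5
supportedSASLMechanisms: PLAIN'

if printf '%s\n' "$SAMPLE_WITH_GSSAPI" | check_gssapi; then
    echo "GSSAPI advertised: Kerberos binds via SASL should be possible"
else
    echo "GSSAPI missing: check the SASL GSSAPI module and slapd keytab"
fi
```

If GSSAPI is absent from a real server's list, the usual causes are a missing SASL GSSAPI plugin or a slapd built without SASL support.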
