[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: MIT Kerberos v5 and OpenLDAP

To: OpenLDAP Software List <openldap-software@OpenLDAP.org>
Subject: Re: MIT Kerberos v5 and OpenLDAP
From: Dieter Kluenter <dieter@dkluenter.de>
Date: 02 Feb 2004 22:04:33 +0100
In-reply-to: <200402021538.i12FcRnF021672@relay1.fe.up.pt>
References: <200402021538.i12FcRnF021672@relay1.fe.up.pt>

Hi,

Am Mon, 2004-02-02 um 16.38 schrieb Jorge Ruão:
> Hi all,
> 
> I?m currently implementing a system with MIT Kerberos V5, SASL, OpenSSL and
> off-course OpenLDAP.
> My big question is: to use MIT Kerberos V5 as an authentication mechanism,
> all user passwords must be stored in the KDC database. What can be done if I
> need to get a user password via LDAP?

krb5 and libgssapi will solve most of your problems. If a user has to
store her password in a directory you may use an other sasl mechanism,
that is sasl mechanism gssapi for krb5 principals and sasl mechanism
digst-md5 for directory stored passwords.

> I?m also looking for the schema: ?krb5-kdc.schema? where can this be found?

krb5-kdc.schema would only make sense with heimdal krb5 but not with MIT
krb5.

-Dieter
-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de

Follow-Ups:
- Re: MIT Kerberos v5 and OpenLDAP
  - From: Jeremy Hallum <jhallum@umich.edu>

References:
- MIT Kerberos v5 and OpenLDAP
  - From: Jorge Ruão <jruao@fe.up.pt>

Prev by Date: Re: Problem with OpenLDAP 2.2.5 configure go on
Next by Date: NIS replacements - netgroup
Index(es):
- Chronological
- Thread