[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Simple binds authenticating against Kerberos



Hi,

Digant Kasundra <digant@uta.edu> writes:

> Hello,

> I'm relatively new at mixing OpenLDAP and Kerberos so please bear with me.  We have
> some apps that can only do simple binds to LDAP but we want to manage all our
> passwords in the Kerberos realm.  I know there is a way to use SASL such that a
> person can get a ticket from kerberos and than use it to access LDAP.

> But lets say the person just does a simple bind to LDAP.  Is there a way to tell
> OpenLDAP to use than username and password against Kerberos to see if it is valid? 
> It seems the OpenLDAP manual parts that I've seen don't seem to address this (to my
> understanding).

There has been a solution on this list a couple of days ago, combining
the pam modules pam_ldap, pam_unix2 and pam_krb5. So if your system
supports pam, just change pam_krb5afs to pam_krb5

http://www.openldap.org/lists/openldap-software/200403/msg00224.html

-Dieter

-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de