Re: Openldap authenticating against Kerberos server for userPassword





--On Thursday, July 01, 2004 2:13 PM -0400 Frank Swasey <Frank.Swasey@uvm.edu> wrote:

Today at 12:54pm, tuliol@sybatech.com wrote:

Has anybody been successful in using a Kerberos server to authenticate
openldap user entries?

Are you attempting to have people who already have Kerberos tickets authenticate to OpenLDAP or have people give their Kerberos password to OpenLDAP and be authenticated?

From the much clearer explanation he emailed me off of the list:

I want to set up an openldap directory that authenticates against a Microsoft Active Directory Kerberos server. Right now the test server running the openldap server is a Red Hat Linux AS 3 server and it can authenticate using PAM against the MS AD Kerberos server.

Can you give me some guidance in how to do this?

I have saslauth running with (/usr/sbin/saslauthd -m /var/run/saslauthd -a kerberos5). I am not sure if that is something I need.

Each user entry in the directory has the following kerberos attributes:
krb5PrincipalName: stest75@UNIV.UNIV.EDU
userPassword: {SASL}stest75@UNIV.UNIV.EDU

I also have a /usr/lib/sasl2/slapd.conf with:
pwcheck_method:saslauthd
saslauthd_path:/var/run/saslauthd/mux
keytab:/etc/krb5.keytab

Any help will be appreciated.

Basically, it sounds like OpenLDAP needs to authenticate against a Microsoft KDC to verify the user's password.


--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
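
An added example, not part of the original message or of OpenLDAP: a Python check that the three pieces quoted above (the saslauthd command line, the Cyrus SASL `slapd.conf`, and the `{SASL}` userPassword values) agree with each other. The DNs, the second entry, and the names `check` and `parse_kv` are constructed for illustration, and the rule that the `{SASL}` identity equals `krb5PrincipalName` follows the poster's sample rather than any OpenLDAP requirement.

```python
import re
import shlex

# Constructed sample inputs, modelled on the values quoted in the message above.
SASL_CONF = """\
pwcheck_method:saslauthd
saslauthd_path:/var/run/saslauthd/mux
keytab:/etc/krb5.keytab
"""
SASLAUTHD_CMD = "/usr/sbin/saslauthd -m /var/run/saslauthd -a kerberos5"
LDIF = """\
dn: uid=stest75,ou=people,dc=example,dc=edu
krb5PrincipalName: stest75@UNIV.UNIV.EDU
userPassword: {SASL}stest75@UNIV.UNIV.EDU

dn: uid=stest76,ou=people,dc=example,dc=edu
krb5PrincipalName: stest76@UNIV.UNIV.EDU
userPassword: {SASL}stest75@UNIV.UNIV.EDU
"""

def parse_kv(text):
    """Parse 'key: value' lines (SASL config or one LDIF entry; base64 '::' values are not decoded)."""
    pairs = (line.split(":", 1) for line in text.splitlines() if ":" in line)
    return {k.strip(): v.strip() for k, v in pairs}

def check(sasl_conf, saslauthd_cmd, ldif):
    findings = []
    conf = parse_kv(sasl_conf)
    args = shlex.split(saslauthd_cmd)
    opt = {args[i]: args[i + 1] for i in range(len(args) - 1) if args[i] in ("-m", "-a")}
    if conf.get("pwcheck_method") != "saslauthd":
        findings.append("pwcheck_method is not saslauthd")
    # saslauthd creates its socket as 'mux' inside the -m directory.
    mux = opt.get("-m", "").rstrip("/") + "/mux"
    if conf.get("saslauthd_path") != mux:
        findings.append(f"saslauthd_path does not match {mux}")
    if opt.get("-a") != "kerberos5":
        findings.append("saslauthd is not using the kerberos5 mechanism")
    for block in re.split(r"\n\s*\n", ldif.strip()):
        e = parse_kv(block)
        pw = e.get("userPassword", "")
        if not pw.startswith("{SASL}"):
            findings.append(f"{e.get('dn')}: userPassword is not a {{SASL}} pass-through value")
        elif pw[len("{SASL}"):] != e.get("krb5PrincipalName"):
            findings.append(f"{e.get('dn')}: {{SASL}} identity differs from krb5PrincipalName")
    return findings

if __name__ == "__main__":
    print("\n".join(check(SASL_CONF, SASLAUTHD_CMD, LDIF)) or "consistent")
```

With pass-through authentication slapd receives the user's password in a simple bind and relays it to saslauthd, so the client connection to slapd should be protected with TLS.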