
Re: Openldap authenticating against Kerberos server for userPassword



Exactly. I need OpenLDAP to authenticate against a Microsoft KDC to verify the 
user's password.  Has anybody done this before?  Or can somebody point me in 
the right direction?

Quoting Quanah Gibson-Mount <quanah@stanford.edu>:

> 
> 
> --On Thursday, July 01, 2004 2:13 PM -0400 Frank Swasey 
> <Frank.Swasey@uvm.edu> wrote:
> 
> > Today at 12:54pm, tuliol@sybatech.com wrote:
> >
> >> Has anybody been successful in using a Kerberos server to authenticate
> >> openldap user entries?
> >
> > Are you attempting to have people who already have Kerberos tickets
> > authenticate to OpenLDAP or have people give their Kerberos password to
> > OpenLDAP and be authenticated?
> 
> From the much clearer explanation he emailed me off of the list:
> 
> >I want to setup an openldap directory that authenticates against a Microsoft
> >Active directory Kerberos server.  Right now the test server running the
> >openldap server is a Redhat Linux AS 3 Server and it can authenticate using
> >pam against the MS AD Kerberos server.
> >
> >Can you give me some guidance in how to do this?
> >
> >I have saslauth running with (/usr/sbin/saslauthd -m /var/run/saslauthd -a
> >kerberos5).  I am not sure if that is something I need.
> >
> >Each user entry in the directory has the following kerberos attributes:
> >krb5PrincipalName: stest75@UNIV.UNIV.EDU
> >userPassword: {SASL}stest75@UNIV.UNIV.EDU
> >
> >I also have a /usr/lib/sasl2/slapd.conf with:
> >pwcheck_method:saslauthd
> >saslauthd_path:/var/run/saslauthd/mux
> >keytab:/etc/krb5.keytab
> >
> >Any help will be appreciated.
> 
> Basically, it sounds like OpenLDAP needs to authenticate against a 
> Microsoft KDC to verify the user's password.
> 
> --Quanah
> 
> --
> Quanah Gibson-Mount
> Principal Software Developer
> ITSS/Shared Services
> Stanford University
> GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
>
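
The configuration pieces quoted in this message have to agree with each other before pass-through authentication can work, so here is a consistency check over them. It is an added example, not part of the original thread or of OpenLDAP; the function names are hypothetical, the sample inputs are constructed from the values quoted above, and it assumes saslauthd's socket is the file `mux` inside the `-m` directory.

```python
import base64
import re

# Constructed sample inputs, built from the values quoted in the message above.
LDIF_ENTRY = """\
krb5PrincipalName: stest75@UNIV.UNIV.EDU
userPassword: {SASL}stest75@UNIV.UNIV.EDU
"""
SASL_SLAPD_CONF = """\
pwcheck_method:saslauthd
saslauthd_path:/var/run/saslauthd/mux
keytab:/etc/krb5.keytab
"""
SASLAUTHD_CMD = "/usr/sbin/saslauthd -m /var/run/saslauthd -a kerberos5"

def parse_kv(text):
    """Parse 'key: value' lines; LDIF 'key:: base64' values are decoded."""
    out = {}
    for line in text.splitlines():
        if ":" not in line or line.lstrip().startswith("#"):
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if value.startswith(":"):  # ldapsearch often prints userPassword:: <base64>
            value = base64.b64decode(value[1:].strip()).decode()
        out[key] = value
    return out

def check_passthrough(ldif, sasl_conf, saslauthd_cmd):
    """Return a list of inconsistencies; an empty list means the pieces line up."""
    problems = []
    entry, conf = parse_kv(ldif), parse_kv(sasl_conf)
    scheme = re.fullmatch(r"\{SASL\}(.+)", entry.get("userPassword", ""), re.I)
    if not scheme:
        problems.append("userPassword does not use the {SASL} scheme")
    elif scheme.group(1) != entry.get("krb5PrincipalName"):
        problems.append("{SASL} identity differs from krb5PrincipalName")
    if conf.get("pwcheck_method") != "saslauthd":
        problems.append("pwcheck_method is not saslauthd")
    run_dir = re.search(r"-m\s+(\S+)", saslauthd_cmd)
    mech = re.search(r"-a\s+(\S+)", saslauthd_cmd)
    expected = run_dir.group(1).rstrip("/") + "/mux" if run_dir else None
    if conf.get("saslauthd_path") != expected:
        problems.append("saslauthd_path does not match the -m run directory")
    if not mech or mech.group(1) != "kerberos5":
        problems.append("saslauthd is not using the kerberos5 mechanism")
    return problems

if __name__ == "__main__":
    print(check_passthrough(LDIF_ENTRY, SASL_SLAPD_CONF, SASLAUTHD_CMD) or "consistent")
```

An empty result only shows that the entry, the SASL configuration and the saslauthd command line refer to the same identity and socket; it does not test whether the KDC accepts the password.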