Re: Openldap authenticating against Kerberos server for userPassword
Exactly. I need OpenLDAP to authenticate against a Microsoft KDC to verify the
user's password. Has anybody done this before? Or can somebody point me in
the right direction?
Quoting Quanah Gibson-Mount <quanah@stanford.edu>:
>
>
> --On Thursday, July 01, 2004 2:13 PM -0400 Frank Swasey
> <Frank.Swasey@uvm.edu> wrote:
>
> > Today at 12:54pm, tuliol@sybatech.com wrote:
> >
> >> Has anybody been successful in using a Kerberos server to authenticate
> >> openldap user entries?
> >
> > Are you attempting to have people who already have Kerberos tickets
> > authenticate to OpenLDAP or have people give their Kerberos password to
> > OpenLDAP and be authenticated?
>
> From the much clearer explanation he emailed me off of the list:
>
> >I want to set up an openldap directory that authenticates against a
> >Microsoft Active directory Kerberos server. Right now the test server
> >running the openldap server is a Redhat Linux AS 3 Server and it can
> >authenticate using pam against the MS AD Kerberos server.
> >
> >Can you give me some guidance in how to do this?
> >
> >I have saslauth running with
> >(/usr/sbin/saslauthd -m /var/run/saslauthd -a kerberos5)
> >I am not sure if that is something I need.
> >
> >Each user entry in the directory has the following kerberos attributes:
> >krb5PrincipalName: stest75@UNIV.UNIV.EDU
> >userPassword: {SASL}stest75@UNIV.UNIV.EDU
> >
> >I also have a /usr/lib/sasl2/slapd.conf with:
> >pwcheck_method:saslauthd
> >saslauthd_path:/var/run/saslauthd/mux
> >keytab:/etc/krb5.keytab
> >
> >Any help will be appreciated.
>
> Basically, it sounds like OpenLDAP needs to authenticate against a
> Microsoft KDC to verify the user's password.
>
> --Quanah
>
> --
> Quanah Gibson-Mount
> Principal Software Developer
> ITSS/Shared Services
> Stanford University
> GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
>