[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAPv3: The OpenLDAP/Kerberos/SASL soup (was Kerberos and DIGEST-MD5)





--On Wednesday, July 28, 2004 8:05 PM +0200 Jose Gonzalez Gomez <jgonzalez@opentechnet.com> wrote:

    I hope this helps to anyone trying to setup a Kerberos/OpenLDAP/SASL
server.

It probably does for those trying to run a KDC on top of OpenLDAP. It kind of depends on what you want to do. We run an MIT KDC, and use GSSAPI with OpenLDAP just fine. We simply configure PAM to authenticate to the KDC for getting passwords, rather than going through LDAP. It works quite well. We also have SSO throughout the university. You may find:


<http://webauthv3.stanford.edu> of interest if you wish to use your OpenLDAP servers & your KDC to authenticate/restrict access to websites.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html