[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAPv3: The OpenLDAP/Kerberos/SASL soup (was Kerberos and DIGEST-MD5)

To: Jose Gonzalez Gomez <jgonzalez@opentechnet.com>, openldap-software@OpenLDAP.org
Subject: Re: LDAPv3: The OpenLDAP/Kerberos/SASL soup (was Kerberos and DIGEST-MD5)
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Wed, 28 Jul 2004 11:31:45 -0700
Content-disposition: inline
In-reply-to: <4107EAFE.6000006@opentechnet.com>
References: <4107EAFE.6000006@opentechnet.com>

--On Wednesday, July 28, 2004 8:05 PM +0200 Jose Gonzalez Gomez <jgonzalez@opentechnet.com> wrote:

    I hope this helps to anyone trying to setup a Kerberos/OpenLDAP/SASL
server.

It probably does for those trying to run a KDC on top of OpenLDAP. It kind of depends on what you want to do. We run an MIT KDC, and use GSSAPI with OpenLDAP just fine. We simply configure PAM to authenticate to the KDC for getting passwords, rather than going through LDAP. It works quite well. We also have SSO throughout the university. You may find:

<http://webauthv3.stanford.edu> of interest if you wish to use your OpenLDAP servers & your KDC to authenticate/restrict access to websites.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

Follow-Ups:
- Re: LDAPv3: The OpenLDAP/Kerberos/SASL soup (was Kerberos and DIGEST-MD5)
  - From: Howard Chu <hyc@symas.com>

References:
- LDAPv3: The OpenLDAP/Kerberos/SASL soup (was Kerberos and DIGEST-MD5)
  - From: Jose Gonzalez Gomez <jgonzalez@opentechnet.com>

Prev by Date: Re: Password expiration
Next by Date: Re: LDAPv3: The OpenLDAP/Kerberos/SASL soup (was Kerberos and DIGEST-MD5)
Index(es):
- Chronological
- Thread