Kerberos+Ldap /etc/passwd
Hello,
I have set up the following configuration in a test environment.
Please take a look at the questions at the end of the description of my
environment.
The first machine is a KDC (MIT) and it also has the OpenLDAP server.
This LDAP implementation is only acting as the /etc/passwd and /etc/group
files, without passwords.
Here is some info about the OpenLDAP server:
Version: openldap-2.2.23
ldapsearch -h localhost -p 389 -x -b "" -s base -LLL supportedSASLMechanisms
dn:
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: OTP
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
Schemas:
include /usr/local/openldap-2.2.23/etc/openldap/schema/core.schema
include /usr/local/openldap-2.2.23/etc/openldap/schema/cosine.schema
include /usr/local/openldap-2.2.23/etc/openldap/schema/nis.schema
include /usr/local/openldap-2.2.23/etc/openldap/schema/inetorgperson.schema
Users:
dn: uid=testePass,ou=People,dc=example,dc=com
uid: testePass
cn: testePass
objectClass: account
objectClass: posixAccount
objectClass: top
loginShell: /bin/bash
uidNumber: 506
gidNumber: 506
homeDirectory: /home/testePass
Having this said, here are my questions:
1- Considering that my internal network is safe, should I configure SASL
binds instead of simple binds?
2- Also, if I use a SASL bind, do I need to have a userpassword: {SASL} field
on each user entry in the LDAP database? I have several posts in this list
but could not extract this information.
3- Also, in my current configuration, when I insert my Kerberos password, is
it sent to the LDAP server?
Thank you for your time (I am sorry for the long email).
Regards,
F.