
Kerberos+Ldap /etc/passwd



Hello,

I have set up the following configuration in a test environment.
Please, take a look at the questions at the end of the description of my environment.
The first machine is a KDC (MIT) and it has also the openldap server.
This ldap implementation is only acting as the /etc/passwd and /etc/group files, without passwords.



Here is some info about the openldap server:

Version: openldap-2.2.23

ldapsearch -h localhost -p 389 -x -b "" -s base -LLL supportedSASLMechanisms
dn:
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: OTP
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5

Schemas:

include /usr/local/openldap-2.2.23/etc/openldap/schema/core.schema
include /usr/local/openldap-2.2.23/etc/openldap/schema/cosine.schema
include /usr/local/openldap-2.2.23/etc/openldap/schema/nis.schema
include /usr/local/openldap-2.2.23/etc/openldap/schema/inetorgperson.schema



Users:

dn: uid=testePass,ou=People,dc=example,dc=com
uid: testePass
cn: testePass
objectClass: account
objectClass: posixAccount
objectClass: top
loginShell: /bin/bash
uidNumber: 506
gidNumber: 506
homeDirectory: /home/testePass


Having this said here are my questions:


1- Considering that my internal network is safe should I configure SASL binds instead of simple binds?
2- Also, if I use a SASL bind do I need to have a userpassword: {SASL} field on each user entry in the ldap database? I have several posts in this list but could not extract this information.
3- Also, in my current configuration, when I insert my Kerberos password is it sent to the ldap server?



Thank you for your time (I am sorry for the long email).

Regards,
F.
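To see what question 3 is really about, here is an added example (not part of the original post) that hand-encodes the two LDAPv3 BindRequest forms from RFC 4511 with a minimal BER encoder and checks whether the password bytes appear in the PDU: a simple bind carries the password verbatim (so it needs TLS), while a SASL/GSSAPI bind carries only the mechanism name and a Kerberos token. The DN, password and token below are constructed sample values.

```python
# Added example, not from the original post: minimal BER encoding of the
# LDAPv3 simple and SASL BindRequest (RFC 4511) to compare what goes on
# the wire. All names and secrets here are constructed samples.

def ber_len(n: int) -> bytes:
    """Encode a BER definite-form length (short or long form)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, content: bytes) -> bytes:
    """Tag-length-value wrapper for one BER element."""
    return bytes([tag]) + ber_len(len(content)) + content

def integer(v: int) -> bytes:
    """BER INTEGER (two's complement, minimal length)."""
    return tlv(0x02, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big", signed=True))

def octet_string(s: str, tag: int = 0x04) -> bytes:
    """BER OCTET STRING, optionally with an implicit context tag."""
    return tlv(tag, s.encode())

def simple_bind(msg_id: int, dn: str, password: str) -> bytes:
    # BindRequest ::= [APPLICATION 0] SEQUENCE { version, name, authentication }
    # AuthenticationChoice simple is context tag [0] (0x80): the raw password.
    body = integer(3) + octet_string(dn) + octet_string(password, 0x80)
    return tlv(0x30, integer(msg_id) + tlv(0x60, body))

def sasl_bind(msg_id: int, mechanism: str, token: bytes = b"") -> bytes:
    # AuthenticationChoice sasl is context tag [3] (0xA3), a SaslCredentials
    # SEQUENCE { mechanism LDAPString, credentials OCTET STRING OPTIONAL }.
    # For GSSAPI the credentials are a Kerberos token, never the password.
    creds = octet_string(mechanism) + (tlv(0x04, token) if token else b"")
    body = integer(3) + octet_string("") + tlv(0xA3, creds)
    return tlv(0x30, integer(msg_id) + tlv(0x60, body))

def password_on_wire(pdu: bytes, password: str) -> bool:
    """True if the clear-text password appears verbatim in the PDU."""
    return password.encode() in pdu

if __name__ == "__main__":
    dn = "uid=testePass,ou=People,dc=example,dc=com"
    simple = simple_bind(1, dn, "s3cret")            # constructed password
    sasl = sasl_bind(1, "GSSAPI", b"constructed-token")  # constructed token
    print("simple bind leaks password:", password_on_wire(simple, "s3cret"))
    print("SASL bind leaks password:  ", password_on_wire(sasl, "s3cret"))
    print("simple:", simple.hex())
    print("sasl:  ", sasl.hex())
```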
