[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Kerberos + SASL question

To: openldap-software@OpenLDAP.org
Subject: Re: Kerberos + SASL question
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Tue, 22 Mar 2005 09:46:50 -0800
Content-disposition: inline
In-reply-to: <BAY12-F16C17CC000E10AE8198EA39C4E0@phx.gbl>
References: <BAY12-F16C17CC000E10AE8198EA39C4E0@phx.gbl>

--On Tuesday, March 22, 2005 5:19 PM +0000 Manel Euro <euro_32@hotmail.com> wrote:

Hello,

I am having problems understanding kerberos, LDAP and Cyrus SASL
interaction.

I am using LDAP to store the users information like uid, home directory,
grouid, geco (passwd without the password field).
I have kerberos configured and working.

I understand that SASL is a layer that provides  authentication mechanims
to protocols like LDAP. By using GSSAPI, as soon as I get a Kerberos TGT
I will be allowed to get a  TGS for LDAP. However, if the LDAP directory
holds my userid and groupid,  necessary to pam_krb5, and if I need a TGT
to access a TGS for ldap how will I be able to login.

If I have the concepts wrong please let me know.

I use a site restricted anonymous bind for getting information out of the directory related to passwd file information.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin

Follow-Ups:
- Re: Kerberos + SASL question
  - From: "Manel Euro" <euro_32@hotmail.com>

References:
- Kerberos + SASL question
  - From: "Manel Euro" <euro_32@hotmail.com>

Prev by Date: RE: Kerberos + SASL question..
Next by Date: List of Ldap Servers in the Network
Index(es):
- Chronological
- Thread