
Re: OpenLDAP as kerberos client?



Alexander Tamm <alex@hanken.fi> writes:

> Hi,
>
> I'm struggling with the documentation for OpenLDAP, SASL, Kerberos and
> whatnot. Basically, I'm trying to create a directory which authenticates
> on an AD service using Kerberos. I have a working Kerberos solution for
> dovecot IMAP, which authenticates from an AD KDC. I guess what I'm asking
> is this: is it actually possible for OpenLDAP to function as a Kerberos
> client? I haven't really found any information which would explicitly
> confirm this. The documentation I find mostly seems to indicate that I
> need to set up a new KDC.

You may use the SASL GSSAPI mechanism, but you have to tweak AD to create
service and host principals and tickets. I have done it, so it is
possible :-)

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6