[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: OpenLDAP as kerberos client?
Alexander Tamm <alex@hanken.fi> writes:
> Hi,
>
> I'm struggling with the documentation for OpenLDAP, SASL, kerberos and
> whatnot. Basically, I'm trying to create a directory which authenticates
> on a AD-service using kerberos. I have a working kerberos solution for
> dovecot IMAP, which authenticats from an AD KDC. I guess what I'm asking
> is this: is it actually possible for OpenLDAP to function as a kerberos
> client? I haven't really found any information which would explicitly
> confirm this. The documentation I find mostly seems to indicate that I
> need to setup a new KDC.
You may use sasl gssapi mechanism, but you have to tweak AD to create
service and host principals and tickets. I have done it, so it is
possible :-)
-Dieter
--
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6