[Date Prev][Date Next] [Chronological] [Thread] [Top]

Kerberos and LDAP - Part 1

To: openldap-software@OpenLDAP.org
Subject: Kerberos and LDAP - Part 1
From: Chris Young <cyoung@idealcorp.com>
Date: Thu, 3 Aug 2000 09:17:49 -0400
Organization: IDEAL Technology Corporation

I've been watching and reading this list for quite a while (you guys have
certainly shared some really good info!) and I seen a few post associated with
this, but nothing concrete.

I'm trying to get a handle on Kerberos & LDAP integration.  In particular, I
would like to be able to store the authentication information
(username/password) in Kerberos while using LDAP for all of the pertinent
information.


Here's MY understanding of how this would work with Linux/PAM:

PAM controls authentication, therefore the proper pam modules and settings must
be placed in the proper PAM configuration files such that:
1. pam_ldap makes certain that the user account exists (auth entry)
2. pam_kerberos performs the actual authentication (auth entry)
3. pam_kerberos is in charge of password changes (password entry)

Then, in /etc/nsswitch.conf, 'ldap' needs to be included in the entries so that
username, groups, hosts, etc. get looked up in ldap.

Now, what are the potential problems with this scenario?  If anyone can help me
with this, I would greatly appreciate it.

Chris

 -- 
Christopher Young, Senior Systems Engineer

I.D.E.A.L. Technology Corporation
I.ntegration D.evelopment E.ducation A.ll L.inux
http://www.idealcorp.com
407.999.9870 x14 or 1.877.IDEAL.CORP (Phone)

Follow-Ups:
- Re: Kerberos and LDAP - Part 1
  - From: Nalin Dahyabhai <nalin@redhat.com>

Prev by Date: dn2id error
Next by Date: Kerberos and LDAP - Part 2
Index(es):
- Chronological
- Thread