[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL, Kerberos V and LDAP

To: openldap-software@OpenLDAP.org
Subject: Re: SASL, Kerberos V and LDAP
From: Stephan Siano <stephan.siano@suse.de>
Date: Mon, 2 Jul 2001 07:58:26 +0200
In-reply-to: <200107011327.XAA30368@au.padl.com>
References: <200107011327.XAA30368@au.padl.com>

On Sunday,  1. July 2001 15:27, Luke Howard wrote:
> >- This is kind of how microsoft's combination ldap/kerberos server
> >works. I don't know of any other implementation that would support
> >this. I guess you could write a custom back end that would sync up
> >the passwords between the ldap and kerberos servers, but I think
> >that's a bad idea.
>
> Heimdal will talk to OpenLDAP over local IPC and store principals
> in the directory.

Hi,

why do you want to store the passwords in the LDAP directory at all? The 
really clean solution is to store the passwords in the Kerberos and only the 
additional user data in the directory. OpenLDAP can authenticate against 
Kerberos (and user this authentication for access controls to the directory).

-- 
Stephan Siano                           Mail:  Stephan.Siano@suse.de
SuSE Linux Solutions AG                 Phone: 06196 50951 31
Mergenthalerallee 45-47			Fax:   06196 409607
D-65760 Eschborn

References:
- Re: SASL, Kerberos V and LDAP
  - From: Luke Howard <lukeh@PADL.COM>

Prev by Date: Re: Netscape Communicator 4.76 Addressbook & LDAPS
Next by Date: Re: Core dump
Index(es):
- Chronological
- Thread