
Re: ldap in heterogenous environment



On Sat, Apr 19, 2003 at 06:23:33PM -0600, David Smith wrote:
> I can confirm that those rumors are true. We are doing just that 
> (including Kerberos) at my place of employment. There is one caveat: 
> your NT passwords must be stored as hashes in LDAP rather than in 
> Kerberos. The Samba PDC authenticates to those rather than to Kerberos
> in our setup.

Isn't it possible to use Kerberos for the authentication and LDAP for storing
user data (account, uid ...)?
This being done, the password should not be Windows hashes but Kerberos
crypted (I think this is des/md5). But storing passwords in LDAP is not as
secure as storing them in the Kerberos database, as LDAP has not been thought
of as an authenticator and is designed for public data.

This has been discussed here before, I think, or perhaps it was on the Kerberos
mailing lists.

I am also designing such a network, but this will be based on Samba as a PDC
and, if I succeed with Kerberos authentication, both Unix and Windows should
share the same password.

Jerome
-- 
-+--   Jérôme Walter - 	I2 EFREI		          ----+-
 Equipe Système - Efrei Robotique - Jap'Efrei - Erasmus Tutors
 "The World is my country" - "Nihon no tomodachi desu"
EFREI System and Networking guide http://perso.efrei.fr/~walter/