[Date Prev][Date Next] [Chronological] [Thread] [Top]

Mapping userPassword to Kerberos 5

To: openldap-software@OpenLDAP.org
Subject: Mapping userPassword to Kerberos 5
From: Benjamin Krein <superbenk@superk.org>
Date: Wed, 06 Aug 2003 08:10:44 -0400
Organization: SuperK.org

I've been working through the docs at www.bayour.com and have run into a
snag due to the fact they are so dated and still work with Kerberos 4 as
well as 5 (I'm working with 5 only).  In his doc, he states that you can
make the users in LDAP force authentication with the KDC by using the
following for the attribute userPassword:

	userPassword: {KERBEROS}principal@REALM

However, from the little bit I know and have been reading, this seems to
be a feature of OpenLDAP compiled with Kerberos 4 (please correct me if
I'm wrong).  Is there another way to do this?  I ask because even though
I've defined userPassword as above and all other tests outlined within
the www.bayour.com docs work with my configuration (binding tests), it
still doesn't work.

I'm using Debian 3 sid with OpenLDAP 2.1.22, Kerberos 5, libsas2-gssapi
package 2.1.12, SASL 2.1.15.

Thanks in advance for any help!

Ben

Follow-Ups:
- Re: Mapping userPassword to Kerberos 5
  - From: Frank Swasey <Frank.Swasey@uvm.edu>
- Re: Mapping userPassword to Kerberos 5
  - From: Dieter Kluenter <dieter@dkluenter.de>
- Re: Mapping userPassword to Kerberos 5
  - From: Stephen Frost <sfrost@snowman.net>
- Re: Mapping userPassword to Kerberos 5
  - From: Turbo Fredriksson <turbo@bayour.com>

Prev by Date: Re: access log for OpenLDAP
Next by Date: Re: PAM NSS LDAP
Index(es):
- Chronological
- Thread