[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Simple binds authenticating against Kerberos

To: openldap-software@OpenLDAP.org
Subject: Re: Simple binds authenticating against Kerberos
From: Dieter Kluenter <dieter@dkluenter.de>
Date: Wed, 10 Mar 2004 23:31:32 +0100
In-reply-to: <BB48F73042D29D41A033A684D5FBB984046C6E33@exchange.uta.edu> (Digant Kasundra's message of "Wed, 10 Mar 2004 15:05:48 -0600")
References: <BB48F73042D29D41A033A684D5FBB984046C6E33@exchange.uta.edu>
User-agent: Gnus/5.1001 (Gnus v5.10.1) XEmacs/21.4 (Portable Code, linux)

Hi,

Digant Kasundra <digant@uta.edu> writes:

> Hello,

> I'm relatively new at mixing OpenLDAP and Kerberos so please bear with me.  We have
> some apps that can only do simple binds to LDAP but we want to manage all our
> passwords in the Kerberos realm.  I know there is a way to use SASL such that a
> person can get a ticket from kerberos and than use it to access LDAP.

> But lets say the person just does a simple bind to LDAP.  Is there a way to tell
> OpenLDAP to use than username and password against Kerberos to see if it is valid? 
> It seems the OpenLDAP manual parts that I've seen don't seem to address this (to my
> understanding).

There has been a solution on this list a couple of days ago, combining
the pam modules pam_ldap, pam_unix2 and pam_krb5. So if your system
supports pam, just change pam_krb5afs to pam_krb5

http://www.openldap.org/lists/openldap-software/200403/msg00224.html

-Dieter

-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de

References:
- Simple binds authenticating against Kerberos
  - From: Digant Kasundra <digant@uta.edu>

Prev by Date: Re: Laser mail routting schema
Next by Date: RE: LDAP searches don't work unless they're wildcards
Index(es):
- Chronological
- Thread