
Re: Openldap, kerberos backend, and SASL



We are starting to work towards implementing this very solution. Is there any documentation you have found to be particularly helpful?

Thanks
-Troy


On Mar 4, 2009, at 2:30 AM, Da Rock wrote:

Sorry to barge in straight away with a question like this, but my time
is running out and I have not been able to get a straight answer out of
Google.


I'm going through the hypotheticals for using ldap as the backend for
kerberos, and I've hit a chicken and egg problem with SASL- can someone
untangle my mind?


IF kerberos is using ldap as a backend store for keys, users, etc, and
one can set the rootdn and leave the rootpw for later entry in the
database itself, and the password can use SASL auth- what happens if you
use kerberos as the auth mechanism?


According to the book, slapd needs to set up the access to the key from
startup, and kerberos in this scenario will need ldap up to provide the
key. Is ldap up enough that kerberos can provide this? Or does ldap
retry or something so that this problem is overcome?


Thoughts?

Cheers