[Date Prev][Date Next] [Chronological] [Thread] [Top]

Kerberos and LDAP - Part 1

I've been watching and reading this list for quite a while (you guys have
certainly shared some really good info!) and I seen a few post associated with
this, but nothing concrete.

I'm trying to get a handle on Kerberos & LDAP integration.  In particular, I
would like to be able to store the authentication information
(username/password) in Kerberos while using LDAP for all of the pertinent

Here's MY understanding of how this would work with Linux/PAM:

PAM controls authentication, therefore the proper pam modules and settings must
be placed in the proper PAM configuration files such that:
1. pam_ldap makes certain that the user account exists (auth entry)
2. pam_kerberos performs the actual authentication (auth entry)
3. pam_kerberos is in charge of password changes (password entry)

Then, in /etc/nsswitch.conf, 'ldap' needs to be included in the entries so that
username, groups, hosts, etc. get looked up in ldap.

Now, what are the potential problems with this scenario?  If anyone can help me
with this, I would greatly appreciate it.


Christopher Young, Senior Systems Engineer

I.D.E.A.L. Technology Corporation
I.ntegration D.evelopment E.ducation A.ll L.inux
407.999.9870 x14 or 1.877.IDEAL.CORP (Phone)