[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Using OpenLDAP 2.0.7 for authentication

On Mon, 30 Apr 2001, Mark H. Wood wrote:

> On Sun, 29 Apr 2001, John Humphrey wrote:
> [snip]
> > My intentions for LDAP is to utilize it for authenticating services as well
> > as a user directory.  I want to use Kerberos as the encryption scheme.
> First you need to get some terms straightened out.  Kerberos *uses*
> encryption but doesn't *provide* it; it is an authentication mechanism
> itself.  OpenLDAP knows how to use Kerberos to authenticate bind
> requests, if you set it up to do that.

That's not exactly true. The Kerberos libraries (last I looked) do provide
encryption functions (i.e., mk_priv()); however, you don't want to use

> > having trouble adding groups. Each time I attempt to create an LDIF import
> > file contaning group objects I get error messages.
> What do they say?
> >                                                     How do you create
> > groups? I've been successful is creating Organizations, Organizational
> > Units, and Users (the Person OjbectClass). Also, how do I assign users (the
> > Person objectclass) passwords?
> If you're using Kerberos to authenticate users, you assign the passwords
> using Kerberos and OpenLDAP has no contact with passwords.
> --
> Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu
> Make a good day.