[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Using OpenLDAP 2.0.7 for authentication



On Mon, 30 Apr 2001, Mark H. Wood wrote:

> On Sun, 29 Apr 2001, John Humphrey wrote:
> [snip]
> > My intentions for LDAP is to utilize it for authenticating services as well
> > as a user directory.  I want to use Kerberos as the encryption scheme.
>
> First you need to get some terms straightened out.  Kerberos *uses*
> encryption but doesn't *provide* it; it is an authentication mechanism
> itself.  OpenLDAP knows how to use Kerberos to authenticate bind
> requests, if you set it up to do that.
>

That's not exactly true. The Kerberos libraries (last I looked) do provide
encryption functions (i.e., mk_priv()); however, you don't want to use
them.


> > having trouble adding groups. Each time I attempt to create an LDIF import
> > file contaning group objects I get error messages.
>
> What do they say?
>
> >                                                     How do you create
> > groups? I've been successful is creating Organizations, Organizational
> > Units, and Users (the Person OjbectClass). Also, how do I assign users (the
> > Person objectclass) passwords?
>
> If you're using Kerberos to authenticate users, you assign the passwords
> using Kerberos and OpenLDAP has no contact with passwords.
>
> --
> Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu
> Make a good day.
>
>