[Date Prev][Date Next]
Re: SASL, Kerberos V and LDAP
On Sunday, 1. July 2001 15:27, Luke Howard wrote:
> >- This is kind of how microsoft's combination ldap/kerberos server
> >works. I don't know of any other implementation that would support
> >this. I guess you could write a custom back end that would sync up
> >the passwords between the ldap and kerberos servers, but I think
> >that's a bad idea.
> Heimdal will talk to OpenLDAP over local IPC and store principals
> in the directory.
why do you want to store the passwords in the LDAP directory at all? The
really clean solution is to store the passwords in the Kerberos and only the
additional user data in the directory. OpenLDAP can authenticate against
Kerberos (and user this authentication for access controls to the directory).
Stephan Siano Mail: Stephan.Siano@suse.de
SuSE Linux Solutions AG Phone: 06196 50951 31
Mergenthalerallee 45-47 Fax: 06196 409607