[Date Prev][Date Next] [Chronological] [Thread] [Top]

Mapping userPassword to Kerberos 5

I've been working through the docs at www.bayour.com and have run into a
snag due to the fact they are so dated and still work with Kerberos 4 as
well as 5 (I'm working with 5 only).  In his doc, he states that you can
make the users in LDAP force authentication with the KDC by using the
following for the attribute userPassword:

	userPassword: {KERBEROS}principal@REALM

However, from the little bit I know and have been reading, this seems to
be a feature of OpenLDAP compiled with Kerberos 4 (please correct me if
I'm wrong).  Is there another way to do this?  I ask because even though
I've defined userPassword as above and all other tests outlined within
the www.bayour.com docs work with my configuration (binding tests), it
still doesn't work.

I'm using Debian 3 sid with OpenLDAP 2.1.22, Kerberos 5, libsas2-gssapi
package 2.1.12, SASL 2.1.15.

Thanks in advance for any help!