Ng Chin Leong [05/12/03 08:43 +0800]: > Hello, > I have setup a RedHat LDAP server for authentication among linux client > but now I would like to integrate it for single-sign on using Kerberos. > I know that by configuring heimdal or Kerberos V with LDAP could do the > job but just have no idea how to start. I even have problem compiling > with the options from source. Would appreciate if anyone would suggest > me a good site for me to start. > I only have experience with OpenLDAP 2.0 and SASL 1.5, but what you'll probably need to do is compile OpenLDAP with SASL support and do Kerberos authentication over GSSAPI with the SASL GSSAPI module. You should really only need to compile LDAP with Kerberos support if you need to map userPassword attributes to Kerberos principals (for instance, so clients can do simple binds to the directory using their Kerberos password.) As for resources, check out http://www.bayour.com/LDAPv3-HOWTO.html for a good overview as to how to get it up and running, although that guide deals only with OpenLDAP 2.0 and SASL 1.5. > Cheers, > Chin Leong > -- Chris Schadl cschadl@satan.org.uk
Attachment:
pgpRg0zKUIZFi.pgp
Description: PGP signature