[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: MIT Kerberos v5 and OpenLDAP


Am Mon, 2004-02-02 um 16.38 schrieb Jorge Ruão:
> Hi all,
> I?m currently implementing a system with MIT Kerberos V5, SASL, OpenSSL and
> off-course OpenLDAP.
> My big question is: to use MIT Kerberos V5 as an authentication mechanism,
> all user passwords must be stored in the KDC database. What can be done if I
> need to get a user password via LDAP?

krb5 and libgssapi will solve most of your problems. If a user has to
store her password in a directory you may use an other sasl mechanism,
that is sasl mechanism gssapi for krb5 principals and sasl mechanism
digst-md5 for directory stored passwords.

> I?m also looking for the schema: ?krb5-kdc.schema? where can this be found?

krb5-kdc.schema would only make sense with heimdal krb5 but not with MIT

Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de