[Date Prev][Date Next]
Re: MIT Kerberos v5 and OpenLDAP
Am Mon, 2004-02-02 um 16.38 schrieb Jorge Ruão:
> Hi all,
> I?m currently implementing a system with MIT Kerberos V5, SASL, OpenSSL and
> off-course OpenLDAP.
> My big question is: to use MIT Kerberos V5 as an authentication mechanism,
> all user passwords must be stored in the KDC database. What can be done if I
> need to get a user password via LDAP?
krb5 and libgssapi will solve most of your problems. If a user has to
store her password in a directory you may use an other sasl mechanism,
that is sasl mechanism gssapi for krb5 principals and sasl mechanism
digst-md5 for directory stored passwords.
> I?m also looking for the schema: ?krb5-kdc.schema? where can this be found?
krb5-kdc.schema would only make sense with heimdal krb5 but not with MIT
Dieter Kluenter | Systemberatung
Tel:040.64861967 | Fax: 040.64891521