[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAPv3 a nightmare

Howard Chu wrote:

Yes, only one password repository is needed.

That is definatly what I wanted to hear.

In fact only one database is

good too.

you can configure Heimdal Kerberos to store its information in LDAP,
piggybacked onto the usual user information.

I have been trying with mit-krb5, is there configuration examples in the Heimdal src on how I might do this.

Personally I think this is the
best way to go because it means you only have one database to administer when
you're doing user management tasks.

Got me convinced.

You can even set things up such that all
of the possible authentication methods are all valid, and all using the same
userPassword in LDAP (although I'm not sure why you would; certainly you
wouldn't want to give plaintext access to the same key that's used for your
Kerberos and other strong authentication mechanisms).

Plaintext access as in binding? So the kerberos key or the principal password would be in the userPassword field?
Kerberos keys are usualy stored in the keytab data file right?
So with Heimdal principals, keys, and passwords [are|can be] put in LDAP?