[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL required? for Heimdal Kerberos -> OpenLDAP

Kasundra, Digant wrote:

My recommendation would be to use Heimdal's regular backend, not OpenLDAP. It seems to me that using OpenLDAP for the backend may be more kludgy than doing the reverse, ie using SASL to authenticate users against Kerberos. If you want to know how to set userpasswords in OpenLDAP to refer to Kerberos as the authenticator (using saslauthd) or how to use SASL to authenticate against OpenLDAP with your Kerberos ticket, this list can help you with that.

I am wanting to have Samba and Heimdal use the same password database and according to the Samba folks the only way possible is to store Samba accounts in OpenLDAP. So I have configured that (using a "patch" from the samba folks) and now I would like to get the kerberos end to play ball. I think this whole thing would go easier if I was not fighting some old redhat box the whole way. Anyhow I have downloaded the current OpenLDAP release along with SASL - but nnow SASL is having fits over some redhat 7.3 stuff so I guess I need to work that out first.