How to configure OpenLDAP to pass through Kerberos tickets from Active Directory?



Hi,

I'm a real newbie on Linux Servers!

I have an Active Directory, an OpenLDAP Server and Linux Clients. My goal
is to authenticate the users on the Linux client using
the AD accounts which are replicated to the OpenLDAP Server except the
passwords.

The way it should work:
A user logs in on the Linux Client. The Client looks in the OpenLDAP
database and the OpenLDAP server directs the password
to the Active Directory, which generates a ticket and sends it back to
OpenLDAP and this passes it through to the client.
I read something about configuring the user accounts in OpenLDAP with
{SASL}user@domain.com or {KERBEROS}user@domain.com.
Can anyone help me to get this working???

AD using an extended version of MIT Kerberos5.
Client using Heimdal Kerberos.
OpenLDAP using Heimdal Kerberos.

Festo AG & Co. KG
Florian Preuss
Department IT-B
Workstation Computers
http://www.festo.com