[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Kerberos + SASL question..


I am having problems understanding kerberos, LDAP and Cyrus SASL interaction.

I am using LDAP to store the users information like uid, home directory, grouid, geco (passwd without the password field).
I have kerberos configured and working.

I understand that SASL is a layer that provides authentication mechanims to protocols like LDAP. By using GSSAPI, as soon as I get a Kerberos TGT I will be allowed to get a TGS for LDAP. However, if the LDAP directory holds my userid and groupid, necessary to pam_krb5, and if I need a TGT to access a TGS for ldap how will I be able to login.

If  I have the concepts wrong please let me know.


On the road to retirement? Check out MSN Life Events for advice on how to get there! http://lifeevents.msn.com/category.aspx?cid=Retirement