[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP as kerberos client?

Alexander Tamm <alex@hanken.fi> writes:

> Hi,
> I'm struggling with the documentation for OpenLDAP, SASL, kerberos and
> whatnot. Basically, I'm trying to create a directory which authenticates
> on a AD-service using kerberos. I have a working kerberos solution for
> dovecot IMAP, which authenticats from an AD KDC. I guess what I'm asking
> is this: is it actually possible for OpenLDAP to function as a kerberos
> client? I haven't really found any information which would explicitly
> confirm this. The documentation I find mostly seems to indicate that I
> need to setup a new KDC.

You may use sasl gssapi mechanism, but you have to tweak AD to create
service and host principals and tickets. I have done it, so it is
possible :-) 


Dieter Klünter | Systemberatung