[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: openldap and kerberos integration

Thierry Lacoste wrote:

I'm experimenting with integrating Kerberos and OpenLDAP
following roughly http://wiki.mandriva.com/en/Projects/OpenLDAP_DIT

I'm using CentOS and Buchan Milne's repository (http://staff.telkomsa.net/packages/rhel5/
both for OpenLDAP and Heimdal.

I've almost succeeded except for password integration.
It seems that the smbk5pwd module provided by openldap2.4-
in /usr/lib/openldap2.4/smbpwd.so is built without kerberos support.

With "smbk5pwd-enable krb5" I have the following error:
/etc/openldap2.4/slapd.conf: line 154: smbk5pwd:<smbk5pwd-enable>
module "smbk5pwd-enable" only allowed when compiled with -DDO_KRB5.

What is the easiest option to get a kerberos supporting smbk5pwd?

I have no comment on other people's builds.

BTW I'd appreciate any recommandations about providing kerberos and
LDAP authentication (with the same password) in a production setting.
Should I use Heimdal or MIT kerberos ?
If Heimdal, is it better to use OpenLDAP as a backend for Kerberos or
let Kerberos use its native backend?
If OpenLDAP as a backend, is it better to use {K5KEY} as the
userPassword or let smbk5pwd synchronize everything?

Read the smbk5pwd README.

  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/