[Date Prev][Date Next] [Chronological] [Thread] [Top]

openldap and kerberos integration

To: openldap-technical@openldap.org
Subject: openldap and kerberos integration
From: Thierry Lacoste <lacoste@u-pec.fr>
Date: Thu, 9 Dec 2010 21:42:46 +0100

Hello,

I'm experimenting with integrating Kerberos and OpenLDAP
following roughly http://wiki.mandriva.com/en/Projects/OpenLDAP_DIT

I'm using CentOS and Buchan Milne's repository (http://staff.telkomsa.net/packages/rhel5/)

both for OpenLDAP and Heimdal.

I've almost succeeded except for password integration.

It seems that the smbk5pwd module provided by openldap2.4-servers-2.4.22-1.el5

in /usr/lib/openldap2.4/smbpwd.so is built without kerberos support.

With "smbk5pwd-enable krb5" I have the following error:

/etc/openldap2.4/slapd.conf: line 154: smbk5pwd: <smbk5pwd-enable>module "smbk5pwd-enable" only allowed when compiled with -DDO_KRB5.


What is the easiest option to get a kerberos supporting smbk5pwd?


BTW I'd appreciate any recommandations about providing kerberos and
LDAP authentication (with the same password) in a production setting.
Should I use Heimdal or MIT kerberos ?

If Heimdal, is it better to use OpenLDAP as a backend for Kerberos orlet Kerberos use its native backend?If OpenLDAP as a backend, is it better to use {K5KEY} as theuserPassword or let smbk5pwd synchronize everything?


Best regards,
Thierry

Follow-Ups:
- Re: openldap and kerberos integration
  - From: Howard Chu <hyc@symas.com>
- Re: openldap and kerberos integration
  - From: Buchan Milne <bgmilne@staff.telkomsa.net>

Prev by Date: Re: x500UniqueIdentifier
Next by Date: Re: openldap and kerberos integration
Index(es):
- Chronological
- Thread