[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: openldap proxy to kerberos

To: vadud3@gmail.com, Dan White <dwhite@cafedemocracy.org>
Subject: Re: openldap proxy to kerberos
From: Quanah Gibson-Mount <quanah@symas.com>
Date: Mon, 07 Jan 2019 20:16:38 -0800
Cc: openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <CAOHBbgVT1bZj54AA=16ibQozgy0xd-aEit4gxU3bkKoMu3rAqQ@mail.gmail.com>
References: <CAOHBbgUXsYhqXxWZuQ4=zJKgDeAR4tgBgYax=Po1BcNSbDteFg@mail.gmail.com> <20190107225337.scnf3277mlvdlmje@dan.olp.net> <CAOHBbgVT1bZj54AA=16ibQozgy0xd-aEit4gxU3bkKoMu3rAqQ@mail.gmail.com>

--On Monday, January 07, 2019 6:39 PM -0500 vadud3@gmail.com wrote:

I do not see any slapo-ldap in my search for man page in openldap site 
http://www.openldap.org/software/man.cgi?query=slapo*&sektion=0&manpath=O
penLDAP+2.4-Release&apropos=1&format=html


It is slapd-ldap, not slapo-ldap.

I want to start using kerberos setting like below and start using
kerberos for authentication

May be I am not understanding how to implement kerberos proxy.

Kerberos is its own protocol and set of software. The two primary FOSSdistributions of Kerberos are MIT and Heimdal.

You can use LDAP to store the Kerberos Database, and you can use Kerberostickets to authenticate to LDAP (SASL/GSSAPI), but you cannot use LDAP asan in-between proxy to Kerberos, as they are entirely different protocols.


--Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

References:
- openldap proxy to kerberos
  - From: vadud3@gmail.com
- Re: openldap proxy to kerberos
  - From: Dan White <dwhite@cafedemocracy.org>
- Re: openldap proxy to kerberos
  - From: vadud3@gmail.com

Prev by Date: Re: openldap proxy to kerberos
Next by Date: Re: openldap proxy to kerberos
Index(es):
- Chronological
- Thread