kerberos-ldap, comp.security.unix, comp.security.misc

ydaoc ydaoc at new.com
Wed Mar 16 15:45:05 EST 2005


In iPlanet LDAP, there is an identity mapping that needs to be set up
to map the user's identity on the LDAP side.

I don't know about OpenLDAP, though.



paul b wrote:

> Hello,
> I am currently trying to set up an LDAP-Kerberos environment and I have
> some problems understanding how LDAP finds the correct user in the
> directory once a person has presented its ticket to the LDAP server.
> In fact, the goal is that the user authenticates to Kerberos and if
> the login went well, he gets his context (home directory, shell, ...)
> from the LDAP directory:
> 
> If I understood LDAP-Kerberos well, the user gets a service ticket for
> the LDAP-server and when he presents this ticket to the LDAP server,
> the name contained in the service-ticket will be mapped to a field in
> the LDAP directory. Can someone tell me how the LDAP server finds the
> right entry when the user presents the ticket. On some sites, I read
> that I have to enter a "krbName" entry for each user in the LDAP and
> that the LDAP-server searches the "krbName" in the LDAP directory
> corresponding to the name contained in the ticket.
> Is this true, do I have to add a krbName for each of the users or is there
> an easier way?
> 
> On the client side, does PAM-LDAP do all the work for me or do I have to add
> additional PAM-modules? (of course, I use pam_krb for the Kerberos
> authentication)
> 
> Thanx in advance 
> CB
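
The lookup described in the question (the principal name from the ticket matched against a "krbName" attribute), as an added example that is not part of this thread and not any directory server's own code. The realm, base DN and function names are assumptions, and the in-memory list stands in for the server-side search.

```python
# Added example: names, realm and base DN below are constructed assumptions.
TRUSTED_REALMS = {"EXAMPLE.COM"}
SEARCH_BASE = "ou=People,dc=example,dc=com"

# RFC 4515: these characters must be escaped inside a filter value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def principal_to_search(principal, trusted_realms=TRUSTED_REALMS):
    """Map 'user@REALM' from a ticket to (base DN, filter) on krbName."""
    name, sep, realm = principal.rpartition("@")
    if not sep or not name or not realm:
        raise ValueError("expected name@REALM")
    # Realms are case-sensitive; compare exactly and never drop the realm.
    if realm not in trusted_realms:
        raise ValueError("untrusted realm: %r" % realm)
    # Policy assumption: only single-component user principals map to accounts.
    if "/" in name or "@" in name or "\\" in name:
        raise ValueError("not a plain user principal")
    return SEARCH_BASE, "(krbName=%s)" % escape_filter_value(principal)


def resolve(principal, directory):
    """Return the DN of the single entry whose krbName equals the principal."""
    principal_to_search(principal)  # validate before touching the directory
    # Stand-in for the server-side equality search on krbName.
    hits = [e["dn"] for e in directory if principal in e.get("krbName", [])]
    if len(hits) != 1:
        raise LookupError("expected exactly one entry, found %d" % len(hits))
    return hits[0]


# Constructed sample directory.
DIRECTORY = [
    {"dn": "uid=alice," + SEARCH_BASE, "krbName": ["alice@EXAMPLE.COM"]},
    {"dn": "uid=bob," + SEARCH_BASE, "krbName": ["bob@EXAMPLE.COM"]},
]

if __name__ == "__main__":
    print(principal_to_search("alice@EXAMPLE.COM"))
    print(resolve("bob@EXAMPLE.COM", DIRECTORY))
```

Requiring exactly one match means a missing or duplicated krbName value fails the login instead of silently picking an entry.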

