kerberos with connection to tls openldap
Augustin Wolf
augustynwilk at gmail.com
Wed May 15 13:34:42 EDT 2013
Hi,
I have a problem that I believe isn't very common. I'm trying to use
OpenLDAP as an back-end database for kerberos.
As far as I managed to create realm, and add principals, I would like
to secure a LDAP a bit.
I added LDAP option: security ssf=128, and it enforces encryption. It
works well for ldapsearch - without option "-Z" I got message:
Confidentiality required
This is also the case when I try to obtain ticket:
[user at virtual ]# kinit
kinit: Generic error (see e-text) while getting initial credentials
in krb5kdc logs I got:
May 15 00:24:43 virtual.example.com krb5kdc[1845](info): AS_REQ (4
etypes {18 17 16 23}) 127.0.0.1: LOOKING_UP_CLIENT: user at EXAMPLE.COM
for krbtgt/EXAMPLE.COM at EXAMPLE.COM, LDAP handle unavailable:
Confidentiality required
Is there a way to enforce kerberos to use TLS/SSL while communicating
to OpenLDAP?
Best Regards,
Augustyn
More information about the Kerberos
mailing list