Heimdal Kerberos 5's and backwards compatibility

rik rik at bits.bris.ac.uk
Fri Apr 26 06:12:52 EDT 2002


Hi all,

I'm looking at setting up Heimdal krb5 on a network that uses krb4 at the
moment. It needs to remain backwards compatible with krb4. I also need to move
*all* of the authentication data to an LDAP database. This is where the
problem arises.

Heimdal will happily lookup from an LDAP backend, and in the compile options,
it will link against some krb4 libraries. The krb4 implementation I happen to
have here is the eBones implementation, which can't lookup from an LDAP
backend.

My question is this: Does Heimdal use the krb4 libraries its linked against
when it realises it's got a krb4 request going on, or does it use them for the
lookup, or does it use its own data sources for the lookup but the krb4 for
the handling, or... ?

My question boils down to "Can I get a Kerberos 4 and 5 authentication server,
with an LDAP backend?". I know the answer is yes if I use MIT krb5 (it has a
krb524d), but I'm in .uk, and MIT don't appear to want to export it (well, as
of 3am last night, UTC + 1).

So, does anyone have any hints, or answers about the 5-to-4 compatibility
layer in Heimdal?

rik
-- 
PGP Key: D2729A3F - Keyserver: wwwkeys.uk.pgp.net - rich at rdrose dot org
Key fingerprint = 5EB1 4C63 9FAD D87B 854C  3DED 1408 ED77 D272 9A3F
Public key also encoded with outguess on http://rikrose.net



More information about the Kerberos mailing list