Sources for Heimdal kerberos and OpenLDAP

Sam Hartman hartmans at MIT.EDU
Mon Aug 5 11:24:21 EDT 2002


>>>>> "Lars" == Lars  <nospam at nospam.net> writes:

    Lars> Most of the material I've seen requires modifications to and
    Lars> rebuilding of packages.  Can LDAP be added to Kerberos using
    Lars> plain .deb files?

It all depends on what you want.  I've certainly got a reasonable LDAP
setup on Debian using MIT Kerberos where my accounts are stored in
LDAP, but my Kerberos database is stored in its own file.

I think I've convinced the Heimdal maintainer not to enable storing
the Kerberos database in LDAP.  This generally tends to be a security
issue because of backups (you have to treat your entire LDAP database
as authentication material rather than just account data) and because
it makes things more complex and ends up trusting LDAP more than is
strictly necessary.

A lot of people want LDAP for buzzword compliance but I haven't really
met anyone who actually analyzed the requirements and wanted to be
storing their Kerberos database in LDAP.



