single sign-on with kerberos V5 and ldap
Sam Hartman
hartmans at MIT.EDU
Fri Feb 15 13:21:38 EST 2002
>>>>> "Klaas" == Klaas Hagemann <kerberos at northsailor.de> writes:
Klaas> hi there,
Klaas> i have still a problem with kerberos and ldap.
Klaas> i have got a ldap v3 directory (netscape iplanet) with all my user =
Klaas> information.
Klaas> now i want to make singel sign on using kerberos V.=20
Klaas> how can i make kerberos storing all the keys in the ldap directory?
Klaas> the user should log on using kerberos, kerberos should ask the ldap =
Klaas> directory for this user.
Briefly, you don't actually want this configuration; it is not
necessary for single sign-on, and adds your LDAP database to your
security authentication/auditing domain. With most configurations it
also significantly increases how paranoid you need to be about LDAP
backups.
More information about the Kerberos
mailing list