single sign-on with kerberos V5 and ldap

Darryl C Price darryl at convsys.com
Fri Feb 15 13:30:27 EST 2002


You should check the iPlanet rootDSE ... AFAIK they don't support the SASL
GSSAPI mechanism, although PADL Software has a plugin that they will sell you
... I think it's 2K per server.

==D

---- Original message ----
>Date: 15 Feb 2002 13:21:38 -0500
>From: Sam Hartman <hartmans at mit.edu>  
>Subject: Re: single sign-on with kerberos V5 and ldap  
>To: "Klaas Hagemann" <kerberos at northsailor.de>
>Cc: <kerberos at mit.edu>
>
>>>>>> "Klaas" == Klaas Hagemann <kerberos at northsailor.de> writes:
>
>    Klaas> hi there,
>
>    Klaas> I still have a problem with kerberos and ldap.
>
>    Klaas> I have got a ldap v3 directory (netscape iplanet) with all my user
>    Klaas> information.
>    Klaas> now I want to make single sign on using kerberos V.
>    Klaas> how can I make kerberos store all the keys in the ldap directory?
>
>    Klaas> the user should log on using kerberos, kerberos should ask the ldap
>    Klaas> directory for this user.
>
>
>Briefly, you don't actually want this configuration; it is not
>necessary for single sign-on, and adds your LDAP database to your
>security authentication/auditing domain.  With most configurations it
>also significantly increases how paranoid you need to be about LDAP
>backups.
>
>
>_______________________________________________
>Kerberos mailing list
>Kerberos at mit.edu
>http://mailman.mit.edu/mailman/listinfo/kerberos
Darryl C Price
Conversant Systems, LLC
Email:  darryl at convsys.com
Phone:  (513)768-3120
Fax:    (513)984-3947
Web:    http://www.convsys.com
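
Added example, not part of the original messages: one way to carry out the rootDSE check suggested in the reply at the top, by reading the standard supportedSASLMechanisms attribute from the root DSE and looking for GSSAPI. The host ldap.example.com, the function names sasl_mechs and supports_gssapi, and both sample LDIF outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Decide from a root DSE dump whether a directory server advertises SASL GSSAPI.
# Feed the functions the LDIF printed by OpenLDAP's ldapsearch, for example:
#   ldapsearch -x -LLL -H ldap://ldap.example.com -s base -b "" supportedSASLMechanisms
# (ldap.example.com is a placeholder host, not one named in the thread.)

# Print one advertised SASL mechanism per line from LDIF on stdin.
sasl_mechs() {
    awk '
        function emit(line,   i, attr, val) {
            i = index(line, ":")
            if (i == 0) return
            # Attribute names are case-insensitive in LDAP.
            attr = tolower(substr(line, 1, i - 1))
            if (attr != "supportedsaslmechanisms") return
            val = substr(line, i + 1)
            sub(/^[ \t]+/, "", val)
            sub(/[ \t\r]+$/, "", val)
            if (val != "") print val
        }
        # LDIF folds long lines: a continuation line starts with one space.
        /^ / { buf = buf substr($0, 2); next }
        { emit(buf); buf = $0 }
        END { emit(buf) }
    '
}

# Exit 0 if GSSAPI is among the advertised mechanisms, 1 otherwise.
supports_gssapi() {
    sasl_mechs | grep -qix 'GSSAPI'
}

# Constructed sample root DSE outputs (not captured from a real server).
SAMPLE_NO_GSSAPI='dn:
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: DIGEST-MD5'
SAMPLE_WITH_GSSAPI='dn:
supportedLDAPVersion: 3
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: GSS
 API'

for sample in "$SAMPLE_NO_GSSAPI" "$SAMPLE_WITH_GSSAPI"; do
    if printf '%s\n' "$sample" | supports_gssapi; then
        echo "GSSAPI advertised"
    else
        echo "GSSAPI not advertised"
    fi
done
```

An absent GSSAPI entry means a client bind with that mechanism will be refused by the server, whatever Kerberos tickets the user holds.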


