single sign-on with kerberos V5 and ldap
Darryl C Price
darryl at convsys.com
Fri Feb 15 13:30:27 EST 2002
You should check the iplanet rootdse ... AFAIK they don't support the SASL
GSSAPI mechanism, although PADL software has a plugin that they will sell you
... I think it's 2K per server.
==D
---- Original message ----
>Date: 15 Feb 2002 13:21:38 -0500
>From: Sam Hartman <hartmans at mit.edu>
>Subject: Re: single sign-on with kerberos V5 and ldap
>To: "Klaas Hagemann" <kerberos at northsailor.de>
>Cc: <kerberos at mit.edu>
>
>>>>>> "Klaas" == Klaas Hagemann <kerberos at northsailor.de> writes:
>
> Klaas> hi there,
>
> Klaas> i have still a problem with kerberos and ldap.
>
> Klaas> i have got a ldap v3 directory (netscape iplanet) with all my user
> Klaas> information.
> Klaas> now i want to make single sign on using kerberos V.
> Klaas> how can i make kerberos storing all the keys in the ldap directory?
>
> Klaas> the user should log on using kerberos, kerberos should ask the ldap
> Klaas> directory for this user.
>
>
>Briefly, you don't actually want this configuration; it is not
>necessary for single sign-on, and adds your LDAP database to your
>security authentication/auditing domain. With most configurations it
>also significantly increases how paranoid you need to be about LDAP
>backups.
>
>
>_______________________________________________
>Kerberos mailing list
>Kerberos at mit.edu
>http://mailman.mit.edu/mailman/listinfo/kerberos
Darryl C Price
Conversant Systems, LLC
Email: darryl at convsys.com
Phone: (513)768-3120
Fax: (513)984-3947
Web: http://www.convsys.com
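
The rootDSE check suggested in the reply above, as an added example that is not part of the original message: it reads the `supportedSASLMechanisms` values from a rootDSE LDIF dump and reports whether GSSAPI is among them. The host name `ldap.example.com`, the function names and both sample dumps are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example: does a server's rootDSE advertise a given SASL mechanism?
# Live query with the OpenLDAP client (ldap.example.com is a placeholder):
#   ldapsearch -x -LLL -H ldap://ldap.example.com -s base -b "" \
#       supportedSASLMechanisms | has_sasl_mech GSSAPI

# Join LDIF continuation lines: a line starting with one space continues
# the previous line (RFC 2849). Trailing CRs from CRLF dumps are dropped.
unfold_ldif() {
    awk '{ sub(/\r$/, "") }
         /^ / { buf = buf substr($0, 2); next }
         { if (NR > 1) print buf; buf = $0 }
         END { if (NR > 0) print buf }'
}

# Print every advertised mechanism, upper-cased, one per line.
list_sasl_mechs() {
    unfold_ldif | awk '{
        i = index($0, ":")
        if (i == 0) next
        if (tolower(substr($0, 1, i - 1)) != "supportedsaslmechanisms") next
        val = substr($0, i + 1)
        if (substr(val, 1, 1) == ":") next  # base64 value, not a plain name
        sub(/^ +/, "", val)
        print toupper(val)
    }'
}

# Exit 0 only on an exact match, so GSS-SPNEGO does not count as GSSAPI.
has_sasl_mech() {
    want=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    list_sasl_mechs | grep -qxF -- "$want"
}

# Constructed rootDSE dumps (not output from any real server).
SAMPLE_NO_GSSAPI='dn:
supportedLDAPVersion: 3
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: DIGEST-MD5'
SAMPLE_GSSAPI='dn:
supportedLDAPVersion: 3
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: GSS
 API'

printf '%s\n' "$SAMPLE_GSSAPI" | list_sasl_mechs
```

A server that lists GSSAPI here still needs a keytab and a principal-to-DN mapping before Kerberos binds work; the rootDSE only shows that the mechanism is offered.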