Kerberos Backend for LDAP
John Morris
kerberos at butchwax.com
Wed Jun 18 19:17:32 EDT 2003
Howdy, Matthew!
Matthew Smith <matt at forsetti.com> writes:
> Disclaimer: I will admit, right off the bat, that I am not very familiar
> with OpenLDAP.
> If there was a back-krb5 for OpenLDAP, would an unmodified slurpd be
> able to replicate the krb info, since slurpd just sees it as LDAP info?
> Does slurpd use the LDAP interface for obtaining data to replicate, or
> does it tie in somewhere behind the scenes?
> -Matt
I'm not an expert either, but here's how I believe that would work:
The back-krb5 interface would query the KDC each time an LDAP query is
made. If you have redundant LDAP servers, back-krb5 would be
configured to point at whichever KDC is appropriate. LDAP replication
of the KDC data isn't necessary, since the data isn't stored in
LDAP-native dbs. Any replication that goes on would be kprop, outside
of the LDAP system.
HTH
John
--
John Morris
+1-512-833-6004