NEWBIE Question: Kerberos and LDAP

Luke Howard lukeh at PADL.COM
Wed May 21 18:34:50 EDT 2003


>I'm an absolute newbie to kerberos trying to see how to fit it into our
>network and existing authentication schemes.  Currently, LDAP represents
>the backend store for all passwords and users are authenticated against
>the LDAP server.  Maintenance of the LDAP user/password data is built into
>our account management software, and numerous not-easily-kerberizable
>applications will continue to depend on it.  In kerberos, there is a user
>principal (hoping my terminology is correct here) for each user in a
>particular domain.  What I want to know is whether I can configure the KDC
>to validate the user credentials against the LDAP server as opposed to
>having to maintain another separate credentials store.

You can't "authenticate" Kerberos principals against an LDAP server, but
you can use an LDAP server as storage for Kerberos principal information.

Heimdal includes such a backend, and both IBM and PADL have commercial
LDAP-backended KDCs.

-- Luke

--
Luke Howard | PADL Software Pty Ltd | www.padl.com

