openldap principal
Gerald (Jerry) Carter
jerry at samba.org
Fri Jul 2 08:56:27 EDT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, 1 Jul 2004, Frederic Medery wrote:
> My question is : Do I have to create all the users principal or when I
> create a ldap user, do i have to create it inside kerberos of the ldap
> admin principal with create it for me ?
You will need to be able to associate each user principal in the domain
with a uidNumber. The easiest way I can think to explain it is
pam_krb5+nss_ldap. So you will need the posixAccounts in the directory
service but not the userPassword (or authPassword) attributes. The
authentication is handled via the KDC and the OS calls to getpwnam(),
et. al. go through NSS and out to LDAP.
Hope this helps. Also you might be interested in the Heimdal+LDAP
setup described at http://padl.com/esearch/Heimdal.html
cheers, jerry
- ----------------------------------------------------------------------
Hewlett-Packard ------------------------- http://www.hp.com
SAMBA Team ---------------------- http://www.samba.org
GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc
"...a hundred billion castaways looking for a home." ----------- Sting
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/
iD8DBQFA5Vt8IR7qMdg1EfYRAoEEAJwIxWJHhpnrQ4lQvd9wrIt+W0+8oACeOMkz
vV3B5tYHwhGWf3gl5z/aVqI=
=fncH
-----END PGP SIGNATURE-----
More information about the Kerberos
mailing list