openldap principal

Gerald (Jerry) Carter jerry at samba.org
Fri Jul 2 08:56:27 EDT 2004


On Thu, 1 Jul 2004, Frederic Medery wrote:

> My question is: Do I have to create all the user principals, or when I
> create an LDAP user, do I have to create it inside Kerberos, or will the LDAP
> admin principal create it for me?

You will need to be able to associate each user principal in the domain 
with a uidNumber.  The easiest way I can think to explain it is 
pam_krb5+nss_ldap.  So you will need the posixAccounts in the directory 
service but not the userPassword (or authPassword) attributes.  The 
authentication is handled via the KDC and the OS calls to getpwnam(), 
et al. go through NSS and out to LDAP.

Hope this helps.  Also you might be interested in the Heimdal+LDAP
setup described at http://padl.com/esearch/Heimdal.html




cheers, jerry
----------------------------------------------------------------------
Hewlett-Packard            ------------------------- http://www.hp.com
SAMBA Team                 ---------------------- http://www.samba.org
GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
"...a hundred billion castaways looking for a home." ----------- Sting 
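An added example, not part of the original post: a small audit for the pam_krb5+nss_ldap split described in the reply. It checks that every user principal has a posixAccount with a uidNumber and that no account still carries userPassword or authPassword. The LDIF, the principal list, the realm EXAMPLE.ORG and the function names are all constructed for illustration.

```python
import re

# Constructed sample data: entries trimmed to the attributes the audit reads.
LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
objectClass: posixAccount
uid: alice
uidNumber: 1001

dn: uid=bob,ou=people,dc=example,dc=org
objectClass: posixAccount
uid: bob
uidNumber: 1002
userPassword: {CRYPT}x
"""
# Constructed principal list, as a KDC administration tool would report it.
PRINCIPALS = ["alice@EXAMPLE.ORG", "bob@EXAMPLE.ORG", "carol@EXAMPLE.ORG",
              "krbtgt/EXAMPLE.ORG@EXAMPLE.ORG", "host/web1.example.org@EXAMPLE.ORG"]

def parse_ldif(text):
    """Parse unfolded LDIF into one {lowercased attr: [values]} dict per entry."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line and line[0] not in "# " and ":" in line:
                attr, _, value = line.partition(":")
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def audit(ldif_text, principals, realm):
    """Compare posixAccount entries with user principals in the given realm."""
    accounts, with_password = {}, []
    for e in parse_ldif(ldif_text):
        if "posixaccount" not in [c.lower() for c in e.get("objectclass", [])]:
            continue
        uid = e["uid"][0]
        accounts[uid] = int(e["uidnumber"][0])
        # Password hashes should not live in LDAP when the KDC authenticates.
        if "userpassword" in e or "authpassword" in e:
            with_password.append(uid)
    # Service principals (name/instance@REALM) are not login users; skip them.
    users = {p.rsplit("@", 1)[0] for p in principals
             if p.endswith("@" + realm) and "/" not in p}
    return {"mapped": {u: accounts[u] for u in sorted(users & set(accounts))},
            "principal_without_uidNumber": sorted(users - set(accounts)),
            "account_without_principal": sorted(set(accounts) - users),
            "password_in_ldap": sorted(with_password)}
```

Calling `audit(LDIF, PRINCIPALS, "EXAMPLE.ORG")` on the sample reports carol as a principal with no uidNumber mapping and bob as an account that still stores a password in the directory.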

