openldap principal

Frederic Medery f.medery at videotron.ca
Sat Jul 3 10:55:46 EDT 2004


Thanks,

But why do I need lda/hostname at REALMS principal AND the rootdn in the
Kerberos DB?

On 2-Jul-04, at 8:56 AM, Gerald (Jerry) Carter wrote:

> On Thu, 1 Jul 2004, Frederic Medery wrote:
>
>> My question is: Do I have to create all the user principals, or when I
>> create an LDAP user, do I have to create it inside Kerberos, or will the
>> LDAP admin principal create it for me?
>
> You will need to be able to associate each user principal in the domain
> with a uidNumber.  The easiest way I can think to explain it is
> pam_krb5+nss_ldap.  So you will need the posixAccounts in the directory
> service but not the userPassword (or authPassword) attributes.  The
> authentication is handled via the KDC and the OS calls to getpwnam(),
> et al. go through NSS and out to LDAP.
>
> Hope this helps.  Also you might be interested in the Heimdal+LDAP
> setup described at http://padl.com/esearch/Heimdal.html
>
> cheers, jerry
> - 
> ----------------------------------------------------------------------
> Hewlett-Packard            ------------------------- http://www.hp.com
> SAMBA Team                 ---------------------- http://www.samba.org
> GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
> "...a hundred billion castaways looking for a home." ----------- Sting
>
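The split described in the quoted reply (identity in LDAP, authentication at the KDC) can be checked against an LDIF export of the directory. The following is an added example, not part of the original thread; the function names, the sample entries, the realm `EXAMPLE.ORG` and the `uid@REALM` principal mapping are assumptions made for illustration.

```python
import base64
import re

# Constructed sample LDIF for illustration (not from the thread).
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
objectClass: posixAccount
uid: alice
uidNumber: 1001

dn: uid=bob,ou=People,dc=example,dc=org
objectClass: posixAccount
uid: bob
uidNumber: 1002
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=

dn: uid=carol,ou=People,dc=example,dc=org
objectClass: posixAccount
uid: carol
homeDirectory: /home/
 carol
"""
PASSWORD_ATTRS = ("userpassword", "authpassword")

def parse_ldif(text):
    """Return entries as {lowercased attribute: [values]}."""
    entries = []
    # Unfold continuation lines, then split entries on blank lines.
    for block in re.split(r"\n\s*\n", text.replace("\n ", "").strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: " marks a base64 value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def audit(entries, realm):
    """Map each posixAccount to a principal (assumed uid@REALM) and list problems."""
    report = {}
    for e in entries:
        if "posixaccount" not in [v.lower() for v in e.get("objectclass", [])]:
            continue
        problems = [] if e.get("uidnumber") else ["missing uidNumber"]
        problems += [f"carries {a}" for a in PASSWORD_ATTRS if a in e]
        report[f"{e.get('uid', ['?'])[0]}@{realm}"] = problems
    return report
```

An empty problem list means the entry can be resolved through NSS and holds no password material in the directory; each key is the principal that would still have to exist in the KDC.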