Kerberos + LDAP + Cyrus-SASL woes
James Hunt
james at oicgroup.net
Wed May 26 17:50:58 EDT 2004
We are looking to integrate Kerberos with LDAP and PAM (facilitating
communication between Kerberos and LDAP using Cyrus-SASL) on Linux. On
our own, and using documentation found on the web, we have managed to
implement it partially.
What we have so far:
A working LDAP server that we can bind to and query.
A working Kerberos KDC that is issuing tickets.
A PAM setup that has moved the UNIX authentication (/etc/passwd) into
LDAP.
The final product would provide central user authentication (the
Kerberos KDC) and user account management (LDAP), thus providing many of
the services of a Windows Active Directory server. What we are stuck on
is not so much a configuration or software issue as it is a conceptual
snag. Where should Kerberos tickets (and possibly keytabs) be stored to
interoperate with LDAP? How is LDAP supposed to contact the KDC and
receive a ticket? Is the user supposed to run kinit -f upon login?
Our company, the OIC Group, is looking for someone who really knows
Kerberos and LDAP inside and out, and is willing to lend a hand, either
as a consultant, or a contract system administrator. OIC is willing to
pay for services rendered. Our only requirement is that the working
implementation / configuration be well-documented for future reference.
Any help / direction / guidance is greatly appreciated.
James Hunt,
Senior Programmer
OIC Group, Inc.
http://www.oicgroup.net/