Kerberos + LDAP + Cyrus-SASL woes

Markus Moeller huaraz at btinternet.com
Thu May 27 02:41:06 EDT 2004


You might want to look at www.vintela.com

Markus

"James Hunt" <james at oicgroup.net> wrote in message
news:1085608258.23946.13.camel at james.office.oic...
> We are looking to integrate Kerberos with LDAP and PAM (facilitating
> communication between Kerberos and LDAP using Cyrus-SASL) on Linux.  On
> our own, and using documentation found on the web, we have managed to
> implement it partially.
>
> What we have so far:
> A working LDAP server that we can bind to and query.
> A working Kerberos KDC that is issuing tickets.
> A PAM setup that has moved the UNIX authentication (/etc/passwd) into
> LDAP.
>
> The final product would provide central user authentication (the
> Kerberos KDC) and user account management (LDAP), thus providing many of
> the services of a Windows Active Directory server.  What we are stuck on
> is not so much a configuration or software issue as it is a conceptual
> snag.  Where should Kerberos tickets (and possibly keytabs) be stored to
> interoperate with LDAP?  How is LDAP supposed to contact the KDC and
> receive a ticket?  Is the user supposed to run kinit -f upon login?
>
> Our company, the OIC Group, is looking for someone who really knows
> Kerberos and LDAP inside and out, and is willing to lend a hand, either
> as a consultant, or a contract system administrator.  OIC is willing to
> pay for services rendered.  Our only requirement is that the working
> implementation / configuration be well-documented for future reference.
>
> Any help / direction / guidance is greatly appreciated.
>
> James Hunt,
> Senior Programmer
> OIC Group, Inc.
> http://www.oicgroup.net/
>
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>



