Kerberos + LDAP + Cyrus-SASL woes
Markus Moeller
huaraz at btinternet.com
Thu May 27 02:41:06 EDT 2004
You might want to look at www.vintela.com
Markus
"James Hunt" <james at oicgroup.net> wrote in message
news:1085608258.23946.13.camel at james.office.oic...
> We are looking to integrate Kerberos with LDAP and PAM (facilitating
> communication between Kerberos and LDAP using Cyrus-SASL) on Linux. On
> our own, and using documentation found on the web, we have managed to
> implement it partially.
>
> What we have so far:
> A working LDAP server that we can bind to and query.
> A working Kerberos KDC that is issuing tickets.
> A PAM setup that has moved the UNIX authentication (/etc/passwd) into
> LDAP.
>
> The final product would provide central user authentication (the
> Kerberos KDC) and user account management (LDAP), thus providing many of
> the services of a Windows Active Directory server. What we are stuck on
> is not so much a configuration or software issue as it is a conceptual
> snag. Where should Kerberos tickets (and possibly keytabs) be stored to
> interoperate with LDAP? How is LDAP supposed to contact the KDC and
> receive a ticket? Is the user supposed to run kinit -f upon login?
>
> Our company, the OIC Group, is looking for someone who really knows
> Kerberos and LDAP inside and out, and is willing to lend a hand, either
> as a consultant, or a contract system administrator. OIC is willing to
> pay for services rendered. Our only requirement is that the working
> implementation / configuration be well-documented for future reference.
>
> Any help / direction / guidance is greatly appreciated.
>
> James Hunt,
> Senior Programmer
> OIC Group, Inc.
> http://www.oicgroup.net/
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>