kerberos-ldap, comp.security.unix, comp.security.misc

paul b bisibis at pt.lu
Mon Mar 14 15:40:21 EST 2005


Hello,
I am currently trying to set up an LDAP-Kerberos environment and I have
some problems understanding how LDAP finds the correct user in the
directory once a person has presented his ticket to the LDAP server.
In fact, the goal is that the user authenticates to Kerberos and, if
the login went well, he gets his context (home directory, shell, ...)
from the LDAP directory:

If I understood LDAP-Kerberos well, the user gets a service ticket for
the LDAP server and, when he presents this ticket to the LDAP server,
the name contained in the service ticket will be mapped to a field in
the LDAP directory. Can someone tell me how the LDAP server finds the
right entry when the user presents the ticket? On some sites, I read
that I have to enter a "krbName" entry for each user in the LDAP and
that the LDAP server searches the "krbName" in the LDAP directory
corresponding to the name contained in the ticket.
Is this true? Do I have to add a krbName for each of the users, or is there
an easier way?

On the client side, does PAM-LDAP do all the work for me or do I have to add
additional PAM modules? (Of course, I use pam_krb for the Kerberos
authentication.)

Thanx in advance 
CB
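
Added example (not part of the original post or of any project the post names): a small Python model of the server-side mapping the poster asks about. It assumes the LDAP server is OpenLDAP and models its authz-regexp mechanism, in which a GSSAPI bind yields the SASL identity uid=<user>,cn=<REALM>,cn=gssapi,cn=auth, which slapd rewrites either straight into a DN or into an ldap:/// search URL. The first strategy needs no per-user attribute but only works when the uid equals the principal name; the second is the per-user "krbName"-style lookup from the post (the attribute name krbPrincipalName, the example.com suffix, the sample entries and the case-insensitive matching are assumptions of this example).

```python
import re
from typing import Optional

# Constructed sample directory (not from the original post): DN -> attributes.
# The second entry's uid deliberately differs from its Kerberos principal.
DIRECTORY = {
    "uid=paul,ou=People,dc=example,dc=com": {
        "uid": ["paul"],
        "krbPrincipalName": ["paul@EXAMPLE.COM"],
    },
    "uid=pbisibis,ou=People,dc=example,dc=com": {
        "uid": ["pbisibis"],
        "krbPrincipalName": ["paul.b@EXAMPLE.COM"],
    },
}

# Rules in the shape of OpenLDAP authz-regexp (assumed server; the post names none).
# Strategy 1: rewrite the SASL identity straight into a DN. No per-user attribute
# is needed, but it only finds an entry when uid == principal name.
RULES_DIRECT = [
    (r"uid=([^,]+),cn=example\.com,cn=gssapi,cn=auth",
     r"uid=$1,ou=People,dc=example,dc=com"),
]
# Strategy 2: search for the entry whose principal attribute matches the ticket.
# This is the "krbName per user" approach from the post; attribute name assumed.
RULES_SEARCH = [
    (r"uid=([^,]+),cn=example\.com,cn=gssapi,cn=auth",
     r"ldap:///ou=People,dc=example,dc=com??one?(krbPrincipalName=$1@EXAMPLE.COM)"),
]


def sasl_authz_identity(principal: str) -> str:
    """After a GSSAPI bind, slapd sees the client as
    uid=<user>,cn=<REALM>,cn=gssapi,cn=auth, derived from the ticket's principal."""
    user, _, realm = principal.partition("@")
    return f"uid={user},cn={realm},cn=gssapi,cn=auth"


def map_identity(identity: str, rules) -> Optional[str]:
    """Apply the first matching rule. $N in the replacement is the Nth group,
    as in slapd.conf; matching is treated case-insensitively here (assumption)."""
    for pattern, replacement in rules:
        match = re.fullmatch(pattern, identity, re.IGNORECASE)
        if match:
            # translate slapd's $1 into Python's \1 before expanding the template
            return match.expand(re.sub(r"\$(\d+)", r"\\\1", replacement))
    return None  # no rule matched: the bind succeeds but no entry is associated


def resolve(mapped: Optional[str], directory) -> Optional[str]:
    """A plain DN must exist in the directory; an ldap:/// URL is executed as a
    one-level search that must return exactly one entry."""
    if mapped is None:
        return None
    if not mapped.startswith("ldap:///"):
        return mapped if mapped in directory else None
    base, _attrs, scope, filt = mapped[len("ldap:///"):].split("?", 3)
    m = re.fullmatch(r"\(([\w-]+)=([^)]*)\)", filt)
    if scope != "one" or m is None:
        raise ValueError(f"unsupported search URL in this example: {mapped}")
    attr, value = m.groups()
    hits = [
        dn for dn, entry in directory.items()
        if dn.endswith("," + base)
        and "," not in dn[: -(len(base) + 1)]   # exactly one level below base
        and value in entry.get(attr, [])
    ]
    return hits[0] if len(hits) == 1 else None  # 0 or >1 hits: refuse to map


def dn_for_principal(principal: str, rules, directory=DIRECTORY) -> Optional[str]:
    """Full path: ticket principal -> SASL identity -> rule -> directory entry."""
    return resolve(map_identity(sasl_authz_identity(principal), rules), directory)


if __name__ == "__main__":
    for name, rules in (("direct", RULES_DIRECT), ("search", RULES_SEARCH)):
        for principal in ("paul@EXAMPLE.COM", "paul.b@EXAMPLE.COM", "mallory@OTHER.REALM"):
            print(f"{name:6} {principal:22} -> {dn_for_principal(principal, rules)}")
```

The realm is anchored in the pattern on purpose: a principal from another realm (mallory@OTHER.REALM above) matches no rule and is associated with no entry. In a real slapd.conf these two rules would be authz-regexp lines; the client side (pam_krb5 for the authentication, nss_ldap via /etc/nsswitch.conf to fetch home directory and shell) is not modelled here.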


More information about the Kerberos mailing list