that interop mess: ldap, samba, kerberos

rektide rektide at gmail.com
Sat Nov 19 14:21:05 EST 2005


I did this whole dance a while ago, getting ldap+samba+kerberos
operating together, based off Turbo's guide.  As I do it over again, I
note that there seem to be more options out there.  What are best
practices and best bets for how to architect this setup?  I'm mainly
interested in how and where passwords are stored; I'm fairly sure I'm
going to stick with kerberos serving as the chief authentication
system, not running kerberos off ldap backend.

Is it still mainly all about having {KERBEROS}name@REALM.COM in
userPassword?
I noticed Turbo's guide never gives LDAP a keytab entry.  His setup
didn't require LDAP to do any writing to kerberos, so it was
unnecessary.  Is this still the case?

Of note, I do plan on running the KX509 / KCA setup off this at some
point in the not too distant future.  I'm running Heimdal and OpenLDAP
2.3.

Seems to be going well so far.  Much easier than I remember... so far.
There are also better resources online.

Thanks
Rektide


