ldap simple bind with kerberos passwords

Karen R McArthur kmcarthu at bates.edu
Thu Feb 9 09:31:41 EST 2006


This issue involves ldap-kerberos integration.  I'm not sure if this is 
a kerberos or an ldap configuration problem, so I have sent it to both the 
openldap-software and the kerberos lists.

openldap-2.2.15-2; krb5-libs-1.2.5-15; cyrus-sasl-2.1.10-1

Passwords are stored in the kerberos database.  All passwords in ldap 
are set to {SASL}principal@REALM (I've also tried 
{KERBEROS}principal@REALM).  All ldap "People" have a kerberos record 
and also the "krb5Principal" objectClass.

The keytabs ldap/<FQDN>@REALM, host/<FQDN>@REALM, cvs/<FQDN>@REALM, and 
svn/<FQDN>@REALM all exist.

I can authenticate to all of my Linux servers.  Most of my applications 
are authenticating with no problems.  However, those applications that 
are not kerberos aware and require a simple ldap bind are not 
authenticating (for example, subversion).

Is this an ldap configuration issue?  Or is it kerberos?  Any ideas 
would be greatly appreciated!

-- 
Karen R. McArthur <kmcarthu at bates.edu>
Systems Administrator
Information and Library Services, Bates College
Lewiston, Maine 04240
ph:(207) 786-8236   fax:(207) 786-6057


