Kerberos w/LDAP

[Russ Allbery]

Rodrick Brown <rbrown[@]doitt.nyc.gov> writes:

> In my previous enviornment we used only LDAP to store username,
> passwords, automaps for nfs etc.. when ever a user logged into a system
> his/her home directory was mounted from a nfs server, I would like to
> simulate this behaving using kerberos and ldap some how? What is
> confusing me is the fact that instead of LDAP, kerberos will now be my
> authentication db and from i've been reading there is no way centralize
> way to store this infromation in kerberos, is there a way to keep
> authentication information in kerberos and store the other infromation
> in LDAP and have this work in a reasonable and managable way?

Sure.  None of that is authentication information.  Use a Kerberos PAM
module for authentication (or software that supports Kerberos
authentication via GSSAPI or the like) and use an LDAP nsswitch module to
retrieve the othe information.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>