Kerberos Questions

Evan Vittitow evan at terralab.com
Thu Nov 16 16:21:46 EST 2006


I'm going to assume you are running Linux. I do LDAP with NSS and
Kerberos with PAM. No, you don't tell LDAP to verify with the {kerberos}
property. That's a security risk. MIT Kerberos cannot use LDAP as a backend.
Heimdal can. There is a schema in LDAP called kerberosecurityobject;
that is what would hold MIT Kerberos credentials IF MIT Kerberos
supported LDAP. Heimdal has its own schema.

GSSAPI applies to Samba, Postfix, Apache, and SSH with Kerberos support.
SASL with GSSAPI applies to OpenLDAP authenticating autonomously
against another OpenLDAP for reasons of replication.


