mit kerberos and openldap
Roberto C. Sánchez
roberto at connexer.com
Mon Nov 12 09:15:12 EST 2007
On Mon, Nov 12, 2007 at 08:06:43PM +0600, Konstantin Verba wrote:
> Hello, I'm trying to set up Single Sign-On using mit kerberos and openldap.
> I already have slapd configured and running, and created kerberos
> containers in ldap with kdb5_ldap_util. But as I can see, I have two
> different trees of entities, one is the krbcontainer tree and another is my
> ou, where I keep test user's account with inetOrgPerson (structural)
> objectClass. Problem is I want that user to authenticate with kerberos and
> then get access to uid and other data in ldap. How to keep this all
> together? I've already created mixed object class with inetorgperson and
> krbperson as parents, but krbPrincipalName and uid are still different
> fields.
I accomplished something like what you are describing by not putting any
kerberos-related information into LDAP and telling PAM on the clients to
authenticate against kerberos and to get everything else from LDAP.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com