mit kerberos and openldap

Konstantin Verba crypt at sibinco.ru
Mon Nov 12 09:55:52 EST 2007


On Monday 12 November 2007 20:15:12 Roberto C. Sánchez wrote:
> On Mon, Nov 12, 2007 at 08:06:43PM +0600, Konstantin Verba wrote:
> >  Hello, I'm trying to set up Single Sign-On using mit kerberos and
> > openldap. I already have slapd configured and running, and created
> > kerberos containers in ldap with kdb5_ldap_util. But as I can see, I have
> > two different trees of entities, one is the krbcontainer tree and another
> > is my ou, where I keep test user's account with inetOrgPerson
> > (structural) objectClass. Problem is I want the user to authenticate with
> > kerberos and then get access to uid and other data in ldap. How to keep
> > this all together? I've already created mixed object class with
> > inetorgperson and krbperson as parents, but krbPrincipalName and uid are
> > still different fields.
>
> I accomplished something like what you are describing by not putting any
> kerberos-related information into LDAP and telling PAM on the clients to
> authenticate against kerberos and to get everything else from LDAP.
>
> Regards,
>
> -Roberto

In such a case, I don't see any difference between using separate ldap tree
or not using ldap at all. I think all the trick you are talking about is in
the pam configuration, am I right?

-- 
Konstantin
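
The split discussed in this thread (Kerberos for the password check, LDAP for uid and other account data), sketched as client configuration. This is an added illustration, not part of the original messages; the file names follow a Debian-style layout and the realm EXAMPLE.ORG is a constructed placeholder. The link between the two stores is the login name: pam_krb5 authenticates user `jdoe` as principal `jdoe@<default_realm>`, while NSS resolves the same `jdoe` to an LDAP entry by its uid.

```conf
# --- /etc/krb5.conf (fragment) ---
# The login name typed by the user is combined with this realm
# to form the principal that pam_krb5 authenticates.
[libdefaults]
    default_realm = EXAMPLE.ORG      # constructed placeholder realm

# --- /etc/nsswitch.conf (fragment) ---
# Account data (uid number, gid, home, shell, groups) is resolved from LDAP.
# Assumes an NSS LDAP module (for example nss_ldap) is installed and
# pointed at the ou that holds the inetOrgPerson/posixAccount entries.
passwd: files ldap
group:  files ldap

# --- /etc/pam.d/common-auth (assumed file name) ---
# The password is checked against the KDC; accounts that exist only
# locally fall through to pam_unix with the password already entered.
auth     sufficient  pam_krb5.so
auth     required    pam_unix.so try_first_pass

# --- /etc/pam.d/common-account (assumed file name) ---
# Account lookups go through NSS, so LDAP users are found here
# without any password hash being stored in LDAP.
account  required    pam_unix.so
```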
