Kerberos OpenLDAP Frontend

Jonathan Javier Cordoba Gonzalez jcordoba at uniandes.edu.co
Tue Sep 25 09:59:57 EDT 2007


Hi Douglas,

I actually try to use the LDAP to store the KDC data... I guess that it
means more performance and administrative...


Jonathan Córdoba
Certified Ethical Hacker (CEH)
GIAC Certified Forensics Analyst (GCFA)
CompTIA Security+ Certified Professional
Ing. Seguridad Universidad de los Andes
Dirección de Tecnologías de Información (D.T.I.)
Bogotá - Colombia


-----Original Message-----
From: Douglas E. Engert [mailto:deengert at anl.gov] 
Sent: Martes, 25 de Septiembre de 2007 08:56 a.m.
To: Jonathan Javier Cordoba Gonzalez
Cc: kerberos at mit.edu
Subject: Re: Kerberos OpenLDAP Frontend



Jonathan Javier Cordoba Gonzalez wrote:
> Hi,
> 
>  
> 
> I’m confuse about the openldap frontend

> 
>  
> 
> Anybody have a guide, tutorial or a step-by-step procedure in order to
make
> the connection, create the initial LDAP DB and how it works??
> 
>  
> 
> I don’t understand the sequence when a user wants authenticate


You may be confusing the LDAP used by the KDC to store it data,
and an LDAP used by something like nss-ldap that stores what
would have been found on /etc/passwd or NIS.
So kinit and pam_krb5 can do the authentication as they always have,
to the KDC, then when kinit or pam_krb5  calls getpwnam this calls
the  nss-ldap routines via /etc/nsswitch.conf.



> 
>  
> 
> Thanks a lot.
> 
>  
> 
> Jonathan Córdoba
> 
> Certified Ethical Hacker (CEH)
> 
> GIAC Certified Forensics Analyst (GCFA)
> 
> CompTIA Security+ Certified Professional
> 
> Ing. Seguridad Universidad de los Andes
> 
> Dirección de Tecnologías de Información (D.T.I.)
> 
> Bogotá - Colombia
> 
>  
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 
> 

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444





More information about the Kerberos mailing list