Kerberos OpenLDAP Frontend
Jonathan Javier Cordoba Gonzalez
jcordoba at uniandes.edu.co
Tue Sep 25 10:52:49 EDT 2007
Ok Douglas....
It means that we need to have two databases?? A KDC with passwords and LDAP
with profile information?
Thanks
Jonathan Córdoba
Certified Ethical Hacker (CEH)
GIAC Certified Forensics Analyst (GCFA)
CompTIA Security+ Certified Professional
Ing. Seguridad Universidad de los Andes
Dirección de Tecnologías de Información (D.T.I.)
Bogotá - Colombia
-----Original Message-----
From: Douglas E. Engert [mailto:deengert at anl.gov]
Sent: Tuesday, September 25, 2007 09:40 a.m.
To: Jonathan Javier Cordoba Gonzalez
Subject: Re: Kerberos OpenLDAP Frontend
Jonathan Javier Cordoba Gonzalez wrote:
> Hi Douglas,
>
> I actually try to use the LDAP to store the KDC data... I guess that it
> means more performance and administrative...
That I have not tried. We are using AD as the KDCs, with OpenLDAP
for the nss-ldap.
>
> -----Original Message-----
> From: Douglas E. Engert [mailto:deengert at anl.gov]
> Sent: Tuesday, September 25, 2007 08:56 a.m.
> To: Jonathan Javier Cordoba Gonzalez
> Cc: kerberos at mit.edu
> Subject: Re: Kerberos OpenLDAP Frontend
>
>
>
> Jonathan Javier Cordoba Gonzalez wrote:
>> Hi,
>>
>> I'm confused about the OpenLDAP frontend
>>
>> Anybody have a guide, tutorial or a step-by-step procedure in order to make
>> the connection, create the initial LDAP DB and how it works??
>>
>> I don't understand the sequence when a user wants to authenticate
>
> You may be confusing the LDAP used by the KDC to store its data,
> and an LDAP used by something like nss-ldap that stores what
> would have been found on /etc/passwd or NIS.
> So kinit and pam_krb5 can do the authentication as they always have,
> to the KDC, then when kinit or pam_krb5 calls getpwnam this calls
> the nss-ldap routines via /etc/nsswitch.conf.
>
>
>
>>
>>
>> Thanks a lot.
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
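
Added example, not part of the thread and not either poster's code: the split described in the quoted reply, where pam_krb5 authenticates against the KDC and getpwnam is answered through /etc/nsswitch.conf, can be checked on a host by reading the two config files. The file contents below are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample files (not from the thread): a host that authenticates
# against a Kerberos KDC and resolves account data through nss-ldap.
NSSWITCH = """\
# /etc/nsswitch.conf
passwd: files ldap
shadow: files
hosts:  files dns [NOTFOUND=return]
"""

PAM_AUTH = """\
# /etc/pam.d/system-auth
auth    required    pam_env.so
auth    sufficient  pam_krb5.so
auth    [success=1 default=ignore] pam_unix.so nullok
auth    required    pam_deny.so
account required    pam_unix.so
"""

def nss_sources(text, database):
    """Return the ordered lookup sources for one nsswitch.conf database."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        name, rest = line.split(":", 1)
        if name.strip() == database:
            # Drop action items such as [NOTFOUND=return]; keep source names.
            return re.sub(r"\[[^\]]*\]", " ", rest).split()
    return []

def pam_modules(text, facility):
    """Return the module names stacked for one PAM facility (auth, account)."""
    mods = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        # Fields: facility, control (one word or [bracketed list]), module.
        m = re.match(r"(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)", line)
        if m and m.group(1).lstrip("-") == facility:
            mods.append(m.group(3).rsplit("/", 1)[-1])
    return mods

def describe(nss_text, pam_text):
    # Two separate questions: who checks the password, who answers getpwnam.
    uses_krb5 = "pam_krb5.so" in pam_modules(pam_text, "auth")
    return {"authentication": "kdc" if uses_krb5 else "other",
            "account_lookup": nss_sources(nss_text, "passwd")}

print(describe(NSSWITCH, PAM_AUTH))
```

On a real host, pass the contents of /etc/nsswitch.conf and the relevant file under /etc/pam.d/ instead of the samples.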