Kerberos OpenLDAP Frontend

Jonathan Javier Cordoba Gonzalez jcordoba at uniandes.edu.co
Tue Sep 25 10:52:49 EDT 2007


Ok Douglas....

It means that we need to have two databases?? A KDC with passwords and LDAP
with profile information?

Thanks

Jonathan Córdoba
Certified Ethical Hacker (CEH)
GIAC Certified Forensics Analyst (GCFA)
CompTIA Security+ Certified Professional
Ing. Seguridad Universidad de los Andes
Dirección de Tecnologías de Información (D.T.I.)
Bogotá - Colombia


-----Original Message-----
From: Douglas E. Engert [mailto:deengert at anl.gov] 
Sent: Tuesday, September 25, 2007 09:40 a.m.
To: Jonathan Javier Cordoba Gonzalez
Subject: Re: Kerberos OpenLDAP Frontend



Jonathan Javier Cordoba Gonzalez wrote:
> Hi Douglas,
> 
> I actually try to use the LDAP to store the KDC data... I guess that it
> means more performance and administrative...

That I have not tried. We are using AD as the KDCs, with OpenLDAP
for the nss-ldap.

>
> -----Original Message-----
> From: Douglas E. Engert [mailto:deengert at anl.gov] 
> Sent: Tuesday, September 25, 2007 08:56 a.m.
> To: Jonathan Javier Cordoba Gonzalez
> Cc: kerberos at mit.edu
> Subject: Re: Kerberos OpenLDAP Frontend
> 
> 
> 
> Jonathan Javier Cordoba Gonzalez wrote:
>> Hi,
>>
>> I'm confused about the OpenLDAP frontend
>>
>> Anybody have a guide, tutorial or a step-by-step procedure in order to make
>> the connection, create the initial LDAP DB and how it works??
>>
>> I don't understand the sequence when a user wants to authenticate
>
> 
> You may be confusing the LDAP used by the KDC to store its data,
> and an LDAP used by something like nss-ldap that stores what
> would have been found on /etc/passwd or NIS.
> So kinit and pam_krb5 can do the authentication as they always have,
> to the KDC, then when kinit or pam_krb5 calls getpwnam this calls
> the nss-ldap routines via /etc/nsswitch.conf.
> 
> 
> 
>> Thanks a lot.
> 

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
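
Added example, not part of the original thread: a small Python check of the split described in the quoted reply, where the PAM auth stack (pam_krb5) sends the password to the KDC and /etc/nsswitch.conf sends getpwnam lookups to LDAP. The two sample files are constructed, and the helper names and the report keys are assumptions made for this illustration.

```python
import re

# Constructed sample files (assumptions, not taken from the thread).
NSSWITCH = """\
# /etc/nsswitch.conf
passwd: files ldap
group:  files ldap
shadow: files
"""
PAM_AUTH = """\
# /etc/pam.d/system-auth
auth    required    pam_env.so
auth    sufficient  pam_krb5.so
auth    sufficient  pam_unix.so try_first_pass
auth    required    pam_deny.so
account required    pam_unix.so
"""

def nss_sources(text, database):
    """Ordered lookup sources for one NSS database, e.g. ['files', 'ldap']."""
    for line in text.splitlines():
        name, sep, rest = line.split("#", 1)[0].partition(":")
        if sep and name.strip() == database:
            # Drop action items such as [NOTFOUND=return]; keep source names.
            return re.sub(r"\[[^\]]*\]", " ", rest).split()
    return []

def pam_auth_modules(text):
    """Module names in the 'auth' stack, in the order PAM would try them."""
    mods = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0].lstrip("-") == "auth":
            # The module is the first *.so field (control may be bracketed).
            mod = next((f for f in fields[1:] if f.endswith(".so")), None)
            if mod:
                mods.append(mod.rsplit("/", 1)[-1])
    return mods

def split_of_duties(nss_text, pam_text):
    """Report which service checks passwords and which serves profile data."""
    ident, auth = nss_sources(nss_text, "passwd"), pam_auth_modules(pam_text)
    return {
        "password_checked_by_kdc": "pam_krb5.so" in auth,
        "profile_from_ldap": "ldap" in ident,
        # Password material reaches LDAP only via pam_ldap or an ldap shadow map.
        "ldap_used_for_passwords": "pam_ldap.so" in auth
        or "ldap" in nss_sources(nss_text, "shadow"),
    }

if __name__ == "__main__":
    print(split_of_duties(NSSWITCH, PAM_AUTH))
```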