Kerberos OpenLDAP Frontend

Douglas E. Engert deengert at anl.gov
Tue Sep 25 15:05:07 EDT 2007



Jonathan Javier Cordoba Gonzalez wrote:
> Ok Douglas....
> 
> It means that we need to have two databases?? 

I think they could be the same, or at least on the same servers,
but then you are mixing the authentication with the authorization.
But your authentication realm may be enterprise wide, whereas your
authorization domain may be departmental, i.e. home directories,
user names, uids may be local.

Also keep in mind that only the KDC needs access to its data,
whereas the authorization data can be read by almost any host.


> A KDC with passwords and LDAP
> with profile information?
> 
> Thanks
> 
> Jonathan Córdoba
> Certified Ethical Hacker (CEH)
> GIAC Certified Forensics Analyst (GCFA)
> CompTIA Security+ Certified Professional
> Ing. Seguridad Universidad de los Andes
> Dirección de Tecnologías de Información (D.T.I.)
> Bogotá - Colombia
> 
> 
> -----Original Message-----
> From: Douglas E. Engert [mailto:deengert at anl.gov] 
> Sent: Tuesday, 25 September 2007 09:40 a.m.
> To: Jonathan Javier Cordoba Gonzalez
> Subject: Re: Kerberos OpenLDAP Frontend
> 
> 
> 
> Jonathan Javier Cordoba Gonzalez wrote:
>> Hi Douglas,
>>
>> I actually try to use the LDAP to store the KDC data... I guess that it
>> means more performance and administrative...
> 
> That I have not tried. We are using AD as the KDCs, with OpenLDAP
> for the nss-ldap.
> 
>>
>> Jonathan Córdoba
>> Certified Ethical Hacker (CEH)
>> GIAC Certified Forensics Analyst (GCFA)
>> CompTIA Security+ Certified Professional
>> Ing. Seguridad Universidad de los Andes
>> Dirección de Tecnologías de Información (D.T.I.)
>> Bogotá - Colombia
>>
>>
>> -----Original Message-----
>> From: Douglas E. Engert [mailto:deengert at anl.gov] 
>> Sent: Tuesday, 25 September 2007 08:56 a.m.
>> To: Jonathan Javier Cordoba Gonzalez
>> Cc: kerberos at mit.edu
>> Subject: Re: Kerberos OpenLDAP Frontend
>>
>>
>>
>> Jonathan Javier Cordoba Gonzalez wrote:
>>> Hi,
>>>
>>> I'm confused about the openldap frontend…
>>>
>>> Anybody have a guide, tutorial or a step-by-step procedure in order to make
>>> the connection, create the initial LDAP DB and how it works??
>>>
>>> I don't understand the sequence when a user wants to authenticate…
>> You may be confusing the LDAP used by the KDC to store its data,
>> and an LDAP used by something like nss-ldap that stores what
>> would have been found in /etc/passwd or NIS.
>> So kinit and pam_krb5 can do the authentication as they always have,
>> to the KDC, then when kinit or pam_krb5 calls getpwnam this calls
>> the nss-ldap routines via /etc/nsswitch.conf.
>>
>>
>>
>>>
>>> Thanks a lot.
>>>
>>> Jonathan Córdoba
>>> Certified Ethical Hacker (CEH)
>>> GIAC Certified Forensics Analyst (GCFA)
>>> CompTIA Security+ Certified Professional
>>> Ing. Seguridad Universidad de los Andes
>>> Dirección de Tecnologías de Información (D.T.I.)
>>> Bogotá - Colombia
>>>
>>> ________________________________________________
>>> Kerberos mailing list           Kerberos at mit.edu
>>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>>
>>>
> 

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
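As an added illustration (not configuration from anyone in this thread), the split Douglas describes: the KDC realm handles authentication via pam_krb5, while getpwnam() resolves uid, home directory and shell through nsswitch.conf and nss-ldap. Realm, hostnames and base DN are placeholders.

```conf
# /etc/krb5.conf  -- authentication: where kinit and pam_krb5 go
[libdefaults]
    default_realm = EXAMPLE.COM          # placeholder enterprise-wide realm

[realms]
    EXAMPLE.COM = {
        kdc = kdc.example.com            # placeholder; only the KDC holds the principal database
    }

# /etc/pam.d/common-auth  -- authentication step: password verified against the KDC
auth    sufficient  pam_krb5.so
auth    required    pam_unix.so

# /etc/pam.d/common-account  -- authorization step: is the account known here?
account required    pam_unix.so          # calls getpwnam(), which consults nsswitch below

# /etc/nsswitch.conf  -- where getpwnam()/getgrnam() look for passwd-style data
passwd: files ldap
group:  files ldap
shadow: files                            # assumption: no password hashes in the directory; the KDC holds the keys

# /etc/ldap.conf  -- nss-ldap: the departmental directory, readable by any host
base    ou=people,dc=dept,dc=example,dc=com   # placeholder base DN
uri     ldap://ldap.dept.example.com/         # placeholder directory server
ssl     start_tls                             # protect the lookup traffic in transit
```

With this layout the KDC's own database stays reachable only by the KDC, while every client host reads the directory for account attributes.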


