Samba authentication to Kerberos via OpenLDAP, third and last try
Michael Ströder
michael at stroeder.com
Mon Apr 7 04:56:03 EDT 2008
Wes Modes wrote:
> Thanks, Sean. I've set up the OpenLDAP to Kerberos connection using
> Saslauthd and the {SASL}username at MYREALM.EDU. That part at least is
> indeed possible.
> [..]
> I know now that I can't just plug them in end-to-end and expect them to
> work. But I was hoping that experts on this and the OpenLDAP list would
> suggest creative solutions. I'm open to creative hacks and use contrary
> to labeling.
Maybe you should think about why "creative hacks" are not a good idea
and therefore the experts do not suggest any. Kerberos has a certain
security model. For security reasons the TGT is not something which
should be stored everywhere. I also consider the saslauthd hack with
{SASL}username at MYREALM.EDU to be not acceptable.
Ciao, Michael.
More information about the Kerberos
mailing list