Samba authentication to Kerberos via OpenLDAP, third and last try

Michael Ströder michael at
Mon Apr 7 04:56:03 EDT 2008

Wes Modes wrote:
> Thanks, Sean.  I've set up the OpenLDAP to Kerberos connection using 
> Saslauthd and the {SASL}username at MYREALM.EDU.  That part at least is 
> indeed possible.
> [..]
> I know now that I can't just plug them in end-to-end and expect them to 
> work.  But I was hoping that experts on this and the OpenLDAP list would 
> suggest creative solutions.  I'm open to creative hacks and use contrary 
> to labeling.

Maybe you should think about why "creative hacks" are not a good idea 
and therefore the experts do not suggest any. Kerberos has a certain 
security model. For security reasons the TGT is not something which 
should be stored everywhere. I also consider the saslauthd hack with 
{SASL}username at MYREALM.EDU to be not acceptable.

Ciao, Michael.

More information about the Kerberos mailing list