Heimdal KDC, Windows XP and local users

Volkmar Glauche volkmar.glauche at uniklinik-freiburg.de
Mon Jan 14 07:08:40 EST 2008


On Monday, 14.01.2008, at 12:27 +0100, Javier Palacios wrote:
> On Jan 14, 2008 12:06 PM, Volkmar Glauche
> <volkmar.glauche at uniklinik-freiburg.de> wrote:
> > > Sure. But this again means the toil of maintaining two databases: the
> > > NIS map and the KDC database.
> >
> > I think you will need two databases: one for kerberos credentials and
> > another one for account information. Kerberos does not tell you about a
> > user's home directory or shell...
> 
> You don't need two databases. Both heimdal and MIT current versions
> allow LDAP as "database" for credentials so you have a single
> database. I've not used MIT, but I've been using heimdal-ldap for a
> long time without problems.

This is true. I'm doing the same with heimdal as you. But if there are
security concerns about storing kerberos credentials in LDAP, then you
need 2 databases. A KDC doesn't store other things than credentials in
its native database.

> Maybe you need two interfaces, but just because you cannot set the
> password using only LDAP tools (unless you know the internals of the
> way passwords are encoded into the kerberos repository).
> 
> Javier Palacios
-- 
Volkmar Glauche

Freiburg Brain Imaging
http://fbi.uniklinik-freiburg.de/
Phone +49(0)761 270-5331
Fax   +49(0)761 270-5416



