create principals in kerberos + openldap as backend (kdb5_ldap_util)

amit pawar amitpawar007 at gmail.com
Wed Jun 25 02:55:52 EDT 2008


Hi,
I am working on configuring MIT Kerberos with OpenLDAP as backend.
Till now I have been successful with integrating OpenLDAP as backend for
Kerberos.
I have followed instructions from
http://web.mit.edu/kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-admin.html#Top
and
http://blogs.sun.com/wfiveash/entry/the_rough_guide_to_configuring   (it's
for Solaris)

MIT Kerberos version: krb5-1.6.3
Openldap version: 2.4.7

I have successfully created the realm EXAMPLE.COM:
kdb5_ldap_util -D cn=admin,o=org create -subtrees o=org -sscope SUB -r EXAMPLE.COM -w secret
This created the realm and also added various entries to the LDAP database on
the ldapserver, such as krbtgt/EXAMPLE.COM, kadmin/admin, kadmin/history,
kadmin/changepw, etc.

I have also added KDC and kadmin administrator entries to Kerberos by LDIF:
cn=krbadmin, o=org
and stashed the password for the same.

Now I am stuck. Please answer these queries:

1)  How do I create principals for the same? (Should I use the kadmin.local
option?)
2)  But kadmin.local doesn't work on my KDC (error given below).
3)  Is there any other way to create user principals?

With only Kerberos we use kadmin.local on the KDC machine,
but with Kerberos + OpenLDAP, if I try using kadmin.local on the KDC, it fails
giving this error:

# kadmin.local
Authenticating as principal root/admin@EXAMPLE.COM with password.
kadmin.local : Unable to access kerberos database while initializing kadmin.local interface.


Thanks in advance.

-- 
Regards,

Amit Pawar
Software Developer,
Financial Technologies (India) Ltd.
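
An added example, not part of the original post: a shell check that a krb5.conf selects the LDAP database module for a realm and sets the bind DNs and stashed-password file that the steps above create. The post does not show its krb5.conf, so the sample is constructed; the module name `openldap_ldapconf` and `ldap://ldapserver` are assumptions, and only the realm and DN come from the post.

```shell
#!/bin/sh
# Added example: report LDAP KDB settings absent from a krb5.conf.

# check_ldap_kdb FILE REALM: prints one line per problem, nothing if all are set.
check_ldap_kdb() {
    awk -v realm="$2" '
        /^[ \t]*[#;]/ { next }                                   # comment lines
        /^[ \t]*\[/   { sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*/, "", sec); blk = ""; next }
        /=[ \t]*[{]/  { blk = $1; sub(/=.*/, "", blk); next }    # "name = {" opens a block
        /^[ \t]*[}]/  { blk = ""; next }
        /=/ {
            key = $1; sub(/=.*/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (sec == "realms" && blk == realm && key == "database_module") mod = val
            if (sec == "dbmodules") set[blk, key] = val
            if (sec == "dbdefaults" && blk == "") set["", key] = val
        }
        # A per-module value wins; otherwise fall back to [dbdefaults].
        function get(k) { return ((mod, k) in set) ? set[mod, k] : set["", k] }
        END {
            if (mod == "") { print "no database_module for realm " realm; exit }
            if (get("db_library") != "kldap") print mod ": db_library is not kldap"
            n = split("ldap_kdc_dn ldap_kadmind_dn ldap_service_password_file", need, " ")
            for (i = 1; i <= n; i++)
                if (get(need[i]) == "") print mod ": " need[i] " not set"
        }' "$1"
}

# Constructed sample: module name and server URL are assumptions.
sample_conf() {
    cat <<'EOF'
[realms]
    EXAMPLE.COM = {
        database_module = openldap_ldapconf
    }
[dbmodules]
    openldap_ldapconf = {
        db_library = kldap
        ldap_kdc_dn = "cn=krbadmin,o=org"
        ldap_servers = ldap://ldapserver
    }
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
check_ldap_kdb "$tmp" EXAMPLE.COM
rm -f "$tmp"
```

On the constructed sample this reports `ldap_kadmind_dn` and `ldap_service_password_file` as not set; point it at the real file with `check_ldap_kdb /etc/krb5.conf EXAMPLE.COM`.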


