Open LDAP VS Kerberos : help needed

Brian Thompson brian at eng.wayne.edu
Thu May 22 14:26:12 EDT 2008



Ken Raeburn wrote:

>On May 22, 2008, at 07:18, Anshuman Hazarika wrote:
>  
>
>>I now know that we can make kerberos use openldap as its data store  
>>backend, but only with heimdal as our kdc, not mit kerberos.
>>    
>>
>
>Why do you think MIT Kerberos can't do that?
>
>Our current release has LDAP database support.  I'm not really an  
>expert on the use of LDAP, though, so aside from just pointing you at  
>some documentation, I can't give you a lot of specific advice.
>
>http://web.mit.edu/kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend
>
>If you're using a version of MIT Kerberos included by an operating  
>system vendor, it may or may not be recent enough to have the LDAP  
>support, and the LDAP support may or may not have been compiled...
>
>  
>

This slipped through my radar as well... We're currently using
Heimdal since several years ago it was the only real option if a
LDAP backend was required.

Anyone know if the LDAP databases are compatible between
Heimdal and MIT (in particular the user principals)?

And, this might be a question for one of the Sun or OpenSolaris
lists, but anyone know if there are any plans to add the LDAP
support to the Solaris 11 flavor of MIT krb5?

Thanks,
Brian




More information about the Kerberos mailing list