Managing kerberos entity through LDAP krb at
Tue Sep 9 09:55:07 EDT 2008

Hi everyone,

I'm trying to set up a Kerberos KDC to use an LDAP backend (OpenLDAP). I would like to reduce 
of the action performed through kadmin tool.

For example, I would like to be able to create principals with an "ldif" file; especially, my 
users and computers are conveniently organized in my LDAP directory and all information 
(LDAP attributes, Kerberos attributes, ...) relative to each other is stored in a single 
entry DN.

I definitely don't want LDAP entries like krbPrincipalName=...,cn=MYREALM.COM,o=... for 
standard users and computers (except for the mandatory ones).

Do you have any hints on doing this with Kerberos 1.6 and OpenLDAP 2.4.11?

I have tried to "copy" a previously KDC-created Kerberos entry in my LDAP, modifying 
some of the fields and changing the password with kadmin, but I can't use it to authenticate.

It seems I have a hard time with the "binary" attributes krbExtraData or the management of the 

Thank you in advance for any advice or answer,
Sincerely yours, Mathieu MILLET
