Managing kerberos entity through LDAP

krb@htam.net krb at htam.net
Tue Sep 9 09:55:07 EDT 2008


Hi everyone,

I'm trying to set up a Kerberos KDC to use an LDAP backend (OpenLDAP). I would like to reduce
most of the actions performed through the kadmin tool.

For example, I would like to be able to create principals with an "ldif" file, especially as my
users and computers are conveniently organized in my LDAP directory and all information
(LDAP attributes, Kerberos attributes, ...) relative to each other is stored in a single
entry DN.

I definitely don't want LDAP entries like krbPrincipalName=...,cn=MYREALM.COM,o=... for
standard users and computers (except for the mandatory ones).

Do you have any hints on doing this with Kerberos 1.6 and OpenLDAP 2.4.11?

I have tried to "copy" a previously KDC-created Kerberos entry in my LDAP, modifying
some of the fields and changing the password with kadmin, but I can't use it to authenticate.

It seems I have a hard time with the "binary" attribute krbExtraData or the management of the
krbTicketFlags.

Thank you in advance for any advice or answer,
Sincerely yours, Mathieu MILLET

--
Mathieu MILLET
mailto:krb at htam.net


