Kerberos with LDAP backend

Ken Raeburn raeburn at MIT.EDU
Sat May 23 15:38:08 EDT 2009

On May 23, 2009, at 15:28, Thomas Skora wrote:
> I've set up MIT Kerberos with OpenLDAP from Debian lenny packages
> according to the instructions in the documentation. From the  
> functionality
> everything looks fine. The realm subtrees were created in the  
> directory,
> the KDC is interacting with the LDAP server, but now I'm stuck at a  
> (as it
> seems for me) chicken-egg-problem: to add principals I need a  
> principal
> with appropriate permissions. I tried already to create such entries  
> in
> LDAP by hand but all tries to use it ended up with the following log
> lines:

You should be able to use kadmin.local to create them.  It'll go  
through the KDC database layer and contact the LDAP server directly,  
and should (like kadmind) be set up to have write access to the  
appropriate LDAP data.

Ken Raeburn / raeburn at / no longer at MIT Kerberos Consortium

More information about the Kerberos mailing list