Kerberos with LDAP backend
Ken Raeburn
raeburn at MIT.EDU
Sat May 23 15:38:08 EDT 2009
On May 23, 2009, at 15:28, Thomas Skora wrote:
> I've set up MIT Kerberos with OpenLDAP from Debian lenny packages
> according to the instructions in the documentation. From the functionality
> everything looks fine. The realm subtrees were created in the directory,
> the KDC is interacting with the LDAP server, but now I'm stuck at a (as it
> seems for me) chicken-egg-problem: to add principals I need a principal
> with appropriate permissions. I tried already to create such entries in
> LDAP by hand but all tries to use it ended up with the following log lines:
You should be able to use kadmin.local to create them. It'll go
through the KDC database layer and contact the LDAP server directly,
and should (like kadmind) be set up to have write access to the
appropriate LDAP data.
--
Ken Raeburn / raeburn at mit.edu / no longer at MIT Kerberos Consortium