OpenLDAP and Kerberos 5 - How to
Brian Candler
B.Candler at pobox.com
Mon Apr 18 12:23:00 EDT 2011
On Mon, Apr 18, 2011 at 02:58:29PM +0700, Nguyen, Quoc Khanh wrote:
> I just want to configure and install Kerberos 5 for OpenLDAP system only. So
> I have read a lot of documents about Kerberos, and feel that they didn't meet
> my requirement.
>
> I... I don't know how to begin with it.
Here are some presentations I did earlier in the year:
https://nsrc.org/workshops/2011/sanog17/raw-attachment/wiki/Agenda/kerberos1.pdf
https://nsrc.org/workshops/2011/sanog17/raw-attachment/wiki/Agenda/kerberos2.pdf
https://nsrc.org/workshops/2011/sanog17/raw-attachment/wiki/Agenda/kerberos3.pdf
And the exercises that went with them:
https://nsrc.org/workshops/ws-files/2011/sanog17/exercises/ex1-kerberos-client.html
https://nsrc.org/workshops/ws-files/2011/sanog17/exercises/ex2-kerberos-host.html
https://nsrc.org/workshops/ws-files/2011/sanog17/exercises/ex3-kerberos-kdc.html
https://nsrc.org/workshops/ws-files/2011/sanog17/exercises/ex4-ldap-server.html
https://nsrc.org/workshops/ws-files/2011/sanog17/exercises/ex999-lab-setup.html
The presentations are very much in note form - they are not supposed to
eliminate the need for a presenter to explain what's going on. However the
lab setup includes building a KDC plus an OpenLDAP server which requires
clients to use Kerberos authentication. You may be able to extract some
useful hints from it. This is all tested using Ubuntu 10.04 LTS.
In summary I'd say:
- build your Kerberos KDC (if you don't already have one)
- get to the point where 'kinit' works
- build your OpenLDAP server and configure it for GSSAPI authentication
- use the ldapsearch command line with -Y GSSAPI to test it
HTH,
Brian.
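
The test sequence from the summary above, as an added shell example that is not part of the original post or the workshop material. Assumptions: the server URI is a hypothetical placeholder, klist is the MIT implementation (for `-s`), the root DSE is readable anonymously, and the sample root DSE text is constructed.

```shell
#!/bin/sh
# Added example: staged check of a Kerberos-authenticated OpenLDAP server.
LDAP_URI="${LDAP_URI:-ldap://ldap.example.org}"   # hypothetical server URI

# Constructed sample of root DSE output (not captured from a real server).
SAMPLE_ROOTDSE='dn:
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5'

# Read root DSE LDIF on stdin; print each advertised SASL mechanism.
sasl_mechs() {
    awk -F': *' 'tolower($1) == "supportedsaslmechanisms" {
        v = $2; sub(/[ \t\r]+$/, "", v); print toupper(v) }'
}

# Read root DSE LDIF on stdin; succeed only if GSSAPI is advertised.
offers_gssapi() {
    sasl_mechs | grep -qx 'GSSAPI'
}

# Live check; each failing stage returns a distinct code so you know
# which step of the summary to go back to.
check_server() {
    # 'kinit' must already have worked: klist -s is silent and sets the
    # exit status from the state of the credentials cache.
    klist -s || { echo "no valid ticket: run kinit first" >&2; return 1; }

    # The server must offer GSSAPI before a GSSAPI bind can succeed.
    ldapsearch -x -LLL -H "$LDAP_URI" -b "" -s base supportedSASLMechanisms \
        | offers_gssapi \
        || { echo "server does not advertise GSSAPI" >&2; return 2; }

    # The test from the summary: a search authenticated with -Y GSSAPI.
    ldapsearch -Y GSSAPI -LLL -H "$LDAP_URI" -b "" -s base namingContexts \
        || { echo "GSSAPI bind or search failed" >&2; return 3; }

    # Show the identity slapd derived from the Kerberos principal.
    ldapwhoami -Y GSSAPI -H "$LDAP_URI" || return 4
}

if [ "${1:-}" = "--live" ]; then
    check_server
else
    # Offline: list the mechanisms found in the constructed sample.
    printf '%s\n' "$SAMPLE_ROOTDSE" | sasl_mechs
fi
```

Run it with `--live` after `kinit` to exercise a real server; a mechanism list that still contains entries other than GSSAPI means clients are not yet required to use Kerberos.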