OpenLDAP and Keberos 5 - How to
Nguyen, Quoc Khanh
khanhnq at saigontech.edu.vn
Tue Apr 19 04:24:51 EDT 2011
Oh... It's a useful document for me. Thanks a lot about your information,
i'm studying clearly about it.
Thank you very much...
khanhnq,
--
***********************************
EVERYTHING HAS JUST BEGUN...
On Mon, 18 Apr 2011 17:23:00 +0100, Brian Candler <B.Candler at pobox.com>
wrote:
> On Mon, Apr 18, 2011 at 02:58:29PM +0700, Nguyen, Quoc Khanh wrote:
>> i just want to configure and install Keberos 5 for OpenLDAP system
only.
>> So
>> i have read a lot of document about keberos, and feel that they didn't
>> met
>> my requirement.
>>
>> I... I don't know how to begin with it.
>
> Here are some presentations I did earlier in the year:
>
https://nsrc.org/workshops/2011/sanog17/raw-attachment/wiki/Agenda/kerberos1.pdf
>
https://nsrc.org/workshops/2011/sanog17/raw-attachment/wiki/Agenda/kerberos2.pdf
>
https://nsrc.org/workshops/2011/sanog17/raw-attachment/wiki/Agenda/kerberos3.pdf
>
> And the exercises that went with them:
>
https://nsrc.org/workshops/ws-files/2011/sanog17/exercises/ex1-kerberos-client.html
>
https://nsrc.org/workshops/ws-files/2011/sanog17/exercises/ex2-kerberos-host.html
>
https://nsrc.org/workshops/ws-files/2011/sanog17/exercises/ex3-kerberos-kdc.html
>
https://nsrc.org/workshops/ws-files/2011/sanog17/exercises/ex4-ldap-server.html
>
https://nsrc.org/workshops/ws-files/2011/sanog17/exercises/ex999-lab-setup.html
>
> The presentations are very much in note form - they are not supposed to
> eliminate the need for a presenter to explain what's going on. However
the
> lab setup includes building a KDC plus and OpenLDAP server which
requires
> clients to use Kerberos authentication. You may be able to extract some
> useful hints from it. This is all tested using Ubuntu 10.04 LTS.
>
> In summary I'd say:
> - build your Kerberos KDC (if you don't already have one)
> - get to the point where 'kinit' works
> - build your OpenLDAP server and configure it for GSSAPI authentication
> - use the ldapsearch command line with -Y GSSAPI to test it
>
> HTH,
>
> Brian.
More information about the Kerberos
mailing list