Kerberos and LDAP password sync question
Brennecke, Simon
simon.brennecke at sap.com
Wed Aug 2 00:03:26 EDT 2017
Hi Lucas,
I use a rather complex setup using MIT Kerberos, FreeRadius and OpenLDAP.
Passwords are in LDAP. The KDC does not hold any user passwords and instead asks the Radius Server to verify passwords, which in turn goes through PAM and then to LDAP.
The setup requires your clients to support PKINIT/FAST, which I guess most clients do, but require additional setup.
Also you can do OTP using this setup - even switchable per user via LDAP.
If you have any questions regarding details, feel free to ask.
Regards
Simon