MIT Kerberos, Smaba 3x and OpenLDAP Integration

Vinayak Hegde hvinayak at
Mon Dec 12 06:48:40 EST 2005

 Here is the requirement from the Samba 3.x, OpenLDAP and 
MIT Kerberos integration to provide a single sign on:

 The MIT Kerberos will soon have OpenLDAP pulug-in under 
DAL (Database Abstraction Layer), so that the principal and the 
related information can be stored on OpenLDAP. 

 If the same site has the Samba 3.x providing services for both 
Linux and Windows users, having OpenLDAP as the data store,
then Kerberos and Samba will maintain different set of information
corresponding to the application, which are not integrated. 

Following are the overheads:
i) the user will have to remember password for each of the 
ii) the administrator will have to administer the account and 
 password policies of the same user separately for the respective

In such a case, if we provide an integration between Samba users
and MIT Kerberos users to have LDAP user password as the 
common password  it would mean single sign on.

Additionally we can integrate the policies between MIT Kerberos
 and Samba to tighten the account and password policy 

Any comments?


More information about the krbdev mailing list