LDAP realm config

Jason Gerfen jason.gerfen at gmail.com
Fri Sep 21 08:24:45 EDT 2007 

I am not sure how off topic or how useful this is but I added some
code to the pam_krb5 module that incorporates LDAP functionality to
allow for the creation of password-less local accounts in linux.
Currently I have only tested it on SuSE 10 and Gentoo distro's and it
utilizes Active Directory w/ the AD4Unix schema modification. I setup
a project at sourceforge as krb5+ldap if it is any help.

On 9/21/07, Savitha R <rsavitha at novell.com> wrote:
> Currently, only a few attributes( like maxticketlife, maxrenewlife and ticketflags)
> of the realm configuration in directory is being used.
>
> The long term plan is to add a LDAP plugin when a plugin interface
> for the profile library is available.
>
>
> -Savitha
>
> >>> On Fri, Sep 21, 2007 at  5:44 AM, in message
> <DA147DCC-804C-4814-8DAD-433D2735C9D6 at nearband.com>, Michael Griego
> <mgriego at nearband.com> wrote:
> > I've been playing with the LDAP kdb backend, and was surprised by the
> > fact that the realm configuration attributed in the krbRealmContainer
> > object class aren't used.  Unfortunately, its not clear with the
> > current documentation that a kdc.conf is still needed when using the
> > LDAP kdb plugin.  As such, I've been looking into what it would take
> > to add the code needed to make use of the other realm configuration
> > attributes.
> >
> > I've done a fair amount of investigation into this, and its not a
> > trivial task (which I'm sure is the reason its not there
> > already... :).  Before I go much further, I was curious if anyone had
> > already done any work on this or had any thoughts on the best
> > approach.  One thought I had was to add another hook into the kdb
> > layer for getting realm parameters from the kdb backends.  There are
> > some possible chicken-and-egg scenarios there.
> >
> > Anyway, any input would be appreciated.  I'd really like to see the
> > ability to completely ditch the kdc.conf, stash file, and perhaps
> > even the kadm5.acl in favor of directory configuration.
> >
> > --Mike
> >
> >
> > _______________________________________________
> > krbdev mailing list             krbdev at mit.edu
> > https://mailman.mit.edu/mailman/listinfo/krbdev
>
>
>
> _______________________________________________
> krbdev mailing list             krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev
>


-- 
Jason Gerfen
jason.gerfen at gmail.com

More information about the krbdev mailing list