[30281] in Kerberos
Managing kerberos entity through LDAP
daemon@ATHENA.MIT.EDU (krb@htam.net)
Wed Sep 10 11:15:42 2008
Date: Tue, 9 Sep 2008 15:55:07 +0200
From: krb@htam.net
To: kerberos@mit.edu
Message-ID: <20080909135507.GA14716@htam.net>
Hi everyone,
I'm trying to set up a Kerberos KDC to use an LDAP backend (OpenLDAP). I would like to reduce
most of the actions performed through the kadmin tool.
For example, I would like to be able to create principals with an "ldif" file, especially as my
users and computers are conveniently organized in my LDAP directory and all information
(LDAP attributes, Kerberos attributes, ...) relative to each other is stored in a single
entry DN.
I definitely don't want LDAP entries like krbPrincipalName=...,cn=MYREALM.COM,o=... for
standard users and computers (except for the mandatory ones).
Do you have any hints on doing this with Kerberos 1.6 and OpenLDAP 2.4.11?
I have tried to "copy" a previously KDC-created Kerberos entry in my LDAP, modifying
some of the fields and changing the password with kadmin, but I can't use it to authenticate.
It seems I have a hard time with the "binary" attributes krbExtraData or the management of the
krbTicketFlags.
Thank you in advance for any advice or answer,
Sincerely yours, Mathieu MILLET
--
Mathieu MILLET
mailto:krb@htam.net