[30281] in Kerberos

Managing kerberos entity through LDAP

daemon@ATHENA.MIT.EDU (krb@htam.net)
Wed Sep 10 11:15:42 2008

Date: Tue, 9 Sep 2008 15:55:07 +0200
From: krb@htam.net
To: kerberos@mit.edu
Message-ID: <20080909135507.GA14716@htam.net>

Hi everyone,

I'm trying to set up a Kerberos KDC to use an LDAP backend (OpenLDAP). I would like to reduce
most of the actions performed through the kadmin tool.

For example, I would like to be able to create principals with an "ldif" file, especially as my
users and computers are conveniently organized in my LDAP directory and all information
(LDAP attributes, Kerberos attributes, ...) relative to each other is stored in a single
entry DN.

I definitely don't want LDAP entries like krbPrincipalName=...,cn=MYREALM.COM,o=... for
standard users and computers (except for the mandatory ones).

Do you have any hints on doing this with Kerberos 1.6 and OpenLDAP 2.4.11?

I have tried to "copy" a previously KDC-created Kerberos entry in my LDAP, modifying
some of the fields and changing the password with kadmin, but I can't use it to authenticate.

It seems I have a hard time with the "binary" attribute krbExtraData or the management of
krbTicketFlags.

Thank you in advance for any advice or answer,
Sincerely yours, Mathieu MILLET

--
Mathieu MILLET
mailto:krb@htam.net