[29646] in Kerberos
Re: Samba authentication to Kerberos via OpenLDAP, third and last try
daemon@ATHENA.MIT.EDU (=?ISO-8859-1?Q?Michael_Str=F6der?=)
Mon Apr 7 05:00:43 2008
From: =?ISO-8859-1?Q?Michael_Str=F6der?= <michael@stroeder.com>
Date: Mon, 07 Apr 2008 10:56:03 +0200
Message-ID: <464pc5-icc.ln1@nb2.stroeder.com>
Mime-Version: 1.0
X-Complaints-To: usenet-abuse@t-online.de
In-Reply-To: <mailman.3.1207334045.6796.kerberos@mit.edu>
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Wes Modes wrote:
> Thanks, Sean. I've set up the OpenLDAP to Kerberos connection using
> Saslauthd and the {SASL}username@MYREALM.EDU. That part at least is
> indeed possible.
> [..]
> I know now that I can't just plug them in end-to-end and expect them to
> work. But I was hoping that experts on this and the OpenLDAP list would
> suggest creative solutions. I'm open to creative hacks and use contrary
> to labeling.
Maybe you should think about why "creative hacks" are not a good idea
and therefore the experts do not suggest any. Kerberos has a certain
security model. For security reasons the TGT is not something which
should be stored everywhere. I also consider the saslauthd hack with
{SASL}username@MYREALM.EDU to be not acceptable.
Ciao, Michael.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
