[38043] in Kerberos
Re: Kerberos and LDAP password sync question
daemon@ATHENA.MIT.EDU (Brennecke, Simon)
Wed Aug 2 00:03:46 2017
From: "Brennecke, Simon" <simon.brennecke@sap.com>
To: Lucas Dutra <lucasdutraveiga3@gmail.com>
Date: Wed, 2 Aug 2017 04:03:26 +0000
Message-ID: <17db4a301c1f44f69f13b888d8d9bdae@sap.com>
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Hi Lucas,
I use a rather complex setup using MIT Kerberos, FreeRadius and OpenLDAP.
Passwords are in LDAP. The KDC does not hold any user passwords and instead asks the Radius Server to verify passwords, which in turn goes through PAM and then to LDAP.
The setup requires your clients to support PKINIT/FAST, which I guess most clients do, but require additional setup.
Also you can do OTP using this setup - even switchable per user via LDAP.
If you have any questions regarding details, feel free to ask.
Regards
Simon
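An added illustration, not part of the original message and not the poster's configuration: a sketch of how the KDC-to-RADIUS hand-off described above can be expressed with MIT krb5's OTP preauthentication. The token type name `ldapradius`, the host `radius.example.test`, the secret file path and the principal `alice` are hypothetical placeholders.

```ini
# kdc.conf (KDC side). Assumed example values throughout.
[otp]
    # Hypothetical token type; the KDC forwards the value the user types
    # to this RADIUS server instead of checking a key in its own database.
    ldapradius = {
        server = radius.example.test:1812
        # File containing the RADIUS shared secret (keep it root-only).
        secret = /etc/krb5kdc/radius.secret
        timeout = 5
        retries = 3
        # Send "alice" rather than "alice@REALM" as the RADIUS User-Name.
        strip_realm = true
    }

# Per-principal switch, run in kadmin. The "otp" string attribute selects
# the token type for that user; principals without it are unaffected:
#
#   set_string alice otp [{"type":"ldapradius"}]
#
# Client side: the OTP exchange is only offered inside a FAST armored
# channel, so the client first needs an armor ticket. One option is
# anonymous PKINIT, which requires PKINIT to be configured on the KDC:
#
#   kinit -n -c /tmp/armor.ccache
#   kinit -T /tmp/armor.ccache alice
#
# Checks worth making on such a setup:
#   - the secret file is readable only by the KDC user;
#   - the KDC-to-RADIUS path is on a trusted network segment, since
#     RADIUS itself only obscures the password with the shared secret;
#   - the RADIUS server accepts requests only from the KDC hosts.
```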