[27053] in Kerberos
Re: Kerberos Questions
daemon@ATHENA.MIT.EDU (Evan Vittitow)
Thu Nov 16 16:24:11 2006
Message-ID: <455CD66A.4030708@terralab.com>
Date: Thu, 16 Nov 2006 16:21:46 -0500
From: Evan Vittitow <evan@terralab.com>
MIME-Version: 1.0
To: Michael Stanton <stantmk@pacbell.net>, kerberos@MIT.EDU
In-Reply-To: <20061116195951.50218.qmail@web81014.mail.mud.yahoo.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@MIT.EDU
I'm going to assume you are running Linux. I do LDAP with NSS and
Kerberos with PAM. No, you don't tell LDAP to verify with the {kerberos}
property. Thats a security risk. MIT Kerberos cannot use LDAP as a backend.
Heimdal Can. There is a schema in LDAP called kerberosecurityobject,
That is what would hold MIT Kerberos Credentials IF MIT Kerberos
supported LDAP. Heimdal has its own Schema.
GSSAPI applies to Samba, PostFix, Apache, and SSH with Kerberos support
SASL with GSSAPI applies to OpenLDAP Authenticating autonymously
against another OpenLDAP for reasons of replication.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
