[28646] in Kerberos
Re: MIT Kerberos LDAP backend
daemon@ATHENA.MIT.EDU (Roberto =?iso-8859-1?Q?C=2E_S=E1nc)
Fri Nov 2 15:47:30 2007
Date: Fri, 2 Nov 2007 15:47:10 -0400
From: Roberto =?iso-8859-1?Q?C=2E_S=E1nchez?= <roberto@connexer.com>
To: kerberos@mit.edu
Message-ID: <20071102194710.GA11006@connexer.com>
MIME-Version: 1.0
In-Reply-To: <fgf3n9$4ps$1@news.liv.ac.uk>
Content-Type: multipart/mixed; boundary="===============0771326995=="
Errors-To: kerberos-bounces@mit.edu
--===============0771326995==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="3MwIy2ne0vdjdPXF"
Content-Disposition: inline
--3MwIy2ne0vdjdPXF
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Fri, Nov 02, 2007 at 12:03:50PM +0000, John Gilbertson wrote:
> Hi, we're looking into trying to integrate Kerberos with our existing=20
> user authentication/authorization systems, after seeing that there was=20
> an LDAP integration option, since all of our user data is available via=
=20
> LDAP.
>=20
> However on further reading I'm not 100% clear on how the integration=20
> works. Is it possible to just use the LDAP integration for user=20
> authentication without having to give Kerberos write access to LDAP?
>=20
> If write access is required, what information is stored in LDAP, and=20
> where? As extra data in a user's nod,e or in a separate subtree?
>=20
I don't think that write access is a requirement. That is, I have not
had to implement it like that. Here is the HOWTO I followed (more or
less):
http://aput.net/~jheiss/krbldap/howto.html
Regards,
-Roberto
--=20
Roberto C. S=E1nchez
http://people.connexer.com/~roberto
http://www.connexer.com
--3MwIy2ne0vdjdPXF
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHK36+5SXWIKfIlGQRAvOZAJ9dIzg59bGfRyhIcNlqA7qWQ3E7+ACgnAxw
E4QabFpa6u9MBchFVAa+qys=
=XXxt
-----END PGP SIGNATURE-----
--3MwIy2ne0vdjdPXF--
--===============0771326995==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--===============0771326995==--
