[28716] in Kerberos
Re: mit kerberos and openldap
daemon@ATHENA.MIT.EDU (Roberto =?iso-8859-1?Q?C=2E_S=E1nc)
Mon Nov 12 09:15:33 2007
Date: Mon, 12 Nov 2007 09:15:12 -0500
From: Roberto =?iso-8859-1?Q?C=2E_S=E1nchez?= <roberto@connexer.com>
To: kerberos@mit.edu
Message-ID: <20071112141512.GD7243@connexer.com>
MIME-Version: 1.0
In-Reply-To: <200711122006.43089.crypt@sibinco.ru>
Content-Type: multipart/mixed; boundary="===============0527295532=="
Errors-To: kerberos-bounces@mit.edu
--===============0527295532==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="YToU2i3Vx8H2dn7O"
Content-Disposition: inline
--YToU2i3Vx8H2dn7O
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Mon, Nov 12, 2007 at 08:06:43PM +0600, Konstantin Verba wrote:
> Hello, I'm trying to setup Single Sign-On useing mit kerberos and openld=
ap.=20
> I've already have slapd configured and running, and created kerberos=20
> containers in ldap with kdb5_ldap_util. But as I can see, I have two=20
> different trees of entities, one is the krbcontainer tree and another is =
my=20
> ou, where I keep test user's account with inetOrgPerson (structural)=20
> objectClass. Problem is I want that user authentificate with kerberos and=
=20
> then get access to uid and other data in ldap. Howto to keep this all=20
> together? I've already created mixed object class with inetorgperson and=
=20
> krbperson as parents, but krbPrincipalName and uid are steel different=20
> fields.=20
I accomplished something like what you are describing by not putting any
kerberos-related information into LDAP and telling PAM on the clients to
autenticate against kerberos and to get everything else from LDAP.
Regards,
-Roberto
--=20
Roberto C. S=E1nchez
http://people.connexer.com/~roberto
http://www.connexer.com
--YToU2i3Vx8H2dn7O
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHOF/w5SXWIKfIlGQRAspjAKDF8ISVdfLMWDPKBP+SNbLEUoTNQwCg04zK
pnAqJt50twFO1csNQiUYUaE=
=gt84
-----END PGP SIGNATURE-----
--YToU2i3Vx8H2dn7O--
--===============0527295532==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--===============0527295532==--
