[28718] in Kerberos


Re: mit kerberos and openldap

daemon@ATHENA.MIT.EDU (Konstantin Verba)
Mon Nov 12 09:56:17 2007

From: Konstantin Verba <crypt@sibinco.ru>
To: kerberos@mit.edu
Date: Mon, 12 Nov 2007 20:55:52 +0600
In-Reply-To: <20071112141512.GD7243@connexer.com>
MIME-Version: 1.0
Content-Disposition: inline
Message-Id: <200711122055.52441.crypt@sibinco.ru>
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit

On Monday 12 November 2007 20:15:12 Roberto C. Sánchez wrote:
> On Mon, Nov 12, 2007 at 08:06:43PM +0600, Konstantin Verba wrote:
> >  Hello, I'm trying to set up Single Sign-On using MIT Kerberos and
> > openldap. I already have slapd configured and running, and created
> > kerberos containers in ldap with kdb5_ldap_util. But as I can see, I have
> > two different trees of entities, one is the krbcontainer tree and another
> > is my ou, where I keep the test user's account with the inetOrgPerson
> > (structural) objectClass. The problem is I want the user to authenticate with
> > kerberos and then get access to uid and other data in ldap. How to keep
> > this all together? I've already created a mixed object class with
> > inetorgperson and krbperson as parents, but krbPrincipalName and uid are
> > still different fields.
>
> I accomplished something like what you are describing by not putting any
> kerberos-related information into LDAP and telling PAM on the clients to
> authenticate against kerberos and to get everything else from LDAP.
>
> Regards,
>
> -Roberto

In such a case, I don't see any difference between using a separate ldap tree or not using ldap at all. I think all the trick you are talking about is in the pam configuration, am I right?

-- Konstantin
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
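
The split described in the quoted reply (PAM authenticates against Kerberos, account data comes from LDAP), as an added configuration sketch that is not from either poster. It assumes the pam_krb5 and nss_ldap modules; the file paths, host name and base DN are placeholders and vary by distribution.

```conf
# --- /etc/pam.d/common-auth (assumed path) ---------------------------
# The password is checked by the KDC through pam_krb5. There is no
# pam_ldap line, so the user's password is never sent in an LDAP bind.
# pam_krb5 maps the login name to <name>@<default_realm>, which is what
# ties the LDAP uid to the Kerberos principal in this layout.
auth    sufficient  pam_krb5.so
# Local accounts (root, service users) still work if the KDC is down.
auth    sufficient  pam_unix.so try_first_pass
auth    required    pam_deny.so

# --- /etc/nsswitch.conf ----------------------------------------------
# Identity data (uid, gid, home, shell, groups) is looked up in LDAP.
passwd: files ldap
group:  files ldap
# No "ldap" source for shadow: LDAP holds no password hashes in this
# design, so clients have no reason to read userPassword at all.
shadow: files

# --- /etc/ldap.conf, read by nss_ldap (placeholder values) -----------
uri  ldap://ldap.example.com
base dc=example,dc=com
# Directory lookups decide uid/gid mapping, so protect them in transit.
ssl  start_tls
```

With this layout the inetOrgPerson/posixAccount entries and the Kerberos database are joined only by the convention that the login name equals the principal name, so the two must be provisioned and removed together.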
