[29025] in Kerberos
Re: Heimdal KDC, Windows XP and local users
daemon@ATHENA.MIT.EDU (Javier Palacios)
Mon Jan 14 06:28:42 2008
Message-ID: <a64bf030801140327ub0f309fo3a55c8ca24c7689f@mail.gmail.com>
Date: Mon, 14 Jan 2008 12:27:58 +0100
From: "Javier Palacios" <javiplx@gmail.com>
To: volkmar.glauche@uniklinik-freiburg.de
In-Reply-To: <1200308766.5134.26.camel@nz23161.ukl.uni-freiburg.de>
MIME-Version: 1.0
Content-Disposition: inline
Cc: kerberos <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Jan 14, 2008 12:06 PM, Volkmar Glauche
<volkmar.glauche@uniklinik-freiburg.de> wrote:
> > Sure. But this again means the toil of maintaining two databases: the
> > NIS map and the KDC database.
>
> I think you will need two databases: one for kerberos credentials and
> another one for account information. Kerberos does not tell you about a
> user's home directory or shell...
You don't need two databases. Both heimdal and MIT current versions
allow LDAP as "database" for credentials so you have a single
database. I've not used MIT, but I've been using heimdal-ldap for a
long time without problems.
Maybe you need two interfaces, but just because you cannot set the
password using only LDAP tools (unless you know the internals of the
way passwords are encoded into the kerberos repository).
Javier Palacios
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
