[31175] in Kerberos
Re: Kerberos with LDAP backend
daemon@ATHENA.MIT.EDU (Ken Raeburn)
Sat May 23 15:39:04 2009
From: Ken Raeburn <raeburn@MIT.EDU>
To: "Thomas Skora" <thomas@skora.net>
In-Reply-To: <6387.41.178.0.232.1243106883.squirrel@webmail.skora.net>
Message-Id: <FBE6BEB0-E785-4085-B0D8-DA45626F34A2@mit.edu>
Date: Sat, 23 May 2009 15:38:08 -0400
Cc: kerberos@MIT.EDU

On May 23, 2009, at 15:28, Thomas Skora wrote:
> I've set up MIT Kerberos with OpenLDAP from Debian lenny packages
> according to the instructions in the documentation. From the functionality
> everything looks fine. The realm subtrees were created in the directory,
> the KDC is interacting with the LDAP server, but now I'm stuck at a (as it
> seems for me) chicken-egg-problem: to add principals I need a principal
> with appropriate permissions. I tried already to create such entries in
> LDAP by hand but all tries to use it ended up with the following log
> lines:

You should be able to use kadmin.local to create them. It'll go
through the KDC database layer and contact the LDAP server directly,
and should (like kadmind) be set up to have write access to the
appropriate LDAP data.
--
Ken Raeburn / raeburn@mit.edu / no longer at MIT Kerberos Consortium