Re: Kerberos OpenLDAP Frontend
- From: "Douglas E. Engert" <deengert@xxxxxxx>
- Date: Tue, 25 Sep 2007 14:05:07 -0500
Jonathan Javier Cordoba Gonzalez wrote:
Ok Douglas....
It means that we need to have two databases??
I think they could be the same, or at least on the same servers,
but then you are mixing the authentication with the authorization.
But your authentication realm maybe enterprise wide, where as you
authorization domain may be departmental. i.e. home directories,
user names, uids, may be local.
Also keep in mind that only the KDC needs access to its data
where as the authorization data can be read by almost any host.
A KDC with passwords and LDAP
with profile information?
Thanks
Jonathan Córdoba
Certified Ethical Hacker (CEH)
GIAC Certified Forensics Analyst (GCFA)
CompTIA Security+ Certified Professional
Ing. Seguridad Universidad de los Andes
Dirección de Tecnologías de Información (D.T.I.)
Bogotá - Colombia
-----Original Message-----
From: Douglas E. Engert [mailto:deengert@xxxxxxx] Sent: Martes, 25 de Septiembre de 2007 09:40 a.m.
To: Jonathan Javier Cordoba Gonzalez
Subject: Re: Kerberos OpenLDAP Frontend
Jonathan Javier Cordoba Gonzalez wrote:Hi Douglas,
I actually try to use the LDAP to store the KDC data... I guess that it
means more performance and administrative...
That I have not tried. We are using AD as the KDCs. with OpenLDAP
for the nss-ldap.
Jonathan Córdoba
Certified Ethical Hacker (CEH)
GIAC Certified Forensics Analyst (GCFA)
CompTIA Security+ Certified Professional
Ing. Seguridad Universidad de los Andes
Dirección de Tecnologías de Información (D.T.I.)
Bogotá - Colombia
-----Original Message-----
From: Douglas E. Engert [mailto:deengert@xxxxxxx] Sent: Martes, 25 de Septiembre de 2007 08:56 a.m.
To: Jonathan Javier Cordoba Gonzalez
Cc: kerberos@xxxxxxx
Subject: Re: Kerberos OpenLDAP Frontend
Jonathan Javier Cordoba Gonzalez wrote:Hi,make
I’m confuse about the openldap frontend…
Anybody have a guide, tutorial or a step-by-step procedure in order tothe connection, create the initial LDAP DB and how it works??You may be confusing the LDAP used by the KDC to store it data,
I don’t understand the sequence when a user wants authenticate…
and an LDAP used by something like nss-ldap that stores what
would have been found on /etc/passwd or NIS.
So kinit and pam_krb5 can do the authentication as they always have,
to the KDC, then when kinit or pam_krb5 calls getpwnam this calls
the nss-ldap routines via /etc/nsswitch.conf.
Thanks a lot.
Jonathan Córdoba
Certified Ethical Hacker (CEH)
GIAC Certified Forensics Analyst (GCFA)
CompTIA Security+ Certified Professional
Ing. Seguridad Universidad de los Andes
Dirección de Tecnologías de Información (D.T.I.)
Bogotá - Colombia
________________________________________________
Kerberos mailing list Kerberos@xxxxxxx
https://mailman.mit.edu/mailman/listinfo/kerberos
--
Douglas E. Engert <DEEngert@xxxxxxx>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
.
- Prev by Date: RE: Kerberos OpenLDAP Frontend
- Next by Date: Re: Problems with kadmind, kpasswd and cross-realm authentication
- Previous by thread: RE: Kerberos OpenLDAP Frontend
- Next by thread: question about cross-realm auth
- Index(es):
Relevant Pages
|
