Hi, I was wondering if anyone tried a configuration with Kerberos using LDAP as database. After some searching it seems that MIT kerberos is not capable to do that. However, Heimdal has a special option for that. The only problem is that this option is applicable only to openldap and only to unix socket connections. At least that''s what is told in the doc and in numerous howtos. There is also a special schema extension for storing these data in openLDAP. I haven''t found these objects (krb* or kerberos*) in FDS schema.... Can anyone tell anything about a possibility of using Kerberos with the key/principals database stored in Fedora Directory Server, please? Thank you Andrey Ivanov tel +33-(0)1-69-33-99-24 fax +33-(0)1-69-33-99-55 Direction des Systemes d''Information Ecole Polytechnique 91128 Palaiseau CEDEX France
Richard Megginson
2006-Feb-02 14:38 UTC
Re: [Fedora-directory-users] Kerberos database in FDS?
Andrey Ivanov wrote:>Hi, > >I was wondering if anyone tried a configuration with Kerberos using >LDAP as database. After some searching it seems that MIT kerberos is >not capable to do that. >Newer versions of MIT are better at this - they have more support for pluggable databases.>However, Heimdal has a special option for >that. The only problem is that this option is applicable only to >openldap and only to unix socket connections. At least that''s what is >told in the doc and in numerous howtos. >That is correct. I suppose Heimdal could be hacked to use a regular tcp socket instead of the ldapi interface.>There is also a special schema >extension for storing these data in openLDAP. I haven''t found these >objects (krb* or kerberos*) in FDS schema.... > >It''s not included with Fedora DS, but you could easily convert it and add it.>Can anyone tell anything about a possibility of using Kerberos with >the key/principals database stored in Fedora Directory Server, please? > > >Thank you > >Andrey Ivanov >tel +33-(0)1-69-33-99-24 >fax +33-(0)1-69-33-99-55 > >Direction des Systemes d''Information >Ecole Polytechnique >91128 Palaiseau CEDEX >France > >-- >Fedora-directory-users mailing list >Fedora-directory-users@redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > >
Andreas Hasenack
2006-Feb-03 02:04 UTC
Re: [Fedora-directory-users] Kerberos database in FDS?
Em Quinta 02 Fevereiro 2006 12:38, Richard Megginson escreveu:> Andrey Ivanov wrote: > > >Hi, > > > >I was wondering if anyone tried a configuration with Kerberos using > >LDAP as database. After some searching it seems that MIT kerberos is > >not capable to do that. > > > Newer versions of MIT are better at this - they have more support for > pluggable databases.How newer? You are not talking about a stable release (like 1.4.x), are you?
Richard Megginson
2006-Feb-03 02:50 UTC
Re: [Fedora-directory-users] Kerberos database in FDS?
Andreas Hasenack wrote:>Em Quinta 02 Fevereiro 2006 12:38, Richard Megginson escreveu: > > >>Andrey Ivanov wrote: >> >> >> >>>Hi, >>> >>>I was wondering if anyone tried a configuration with Kerberos using >>>LDAP as database. After some searching it seems that MIT kerberos is >>>not capable to do that. >>> >>> >>> >>Newer versions of MIT are better at this - they have more support for >>pluggable databases. >> >> > >How newer? You are not talking about a stable release (like 1.4.x), are you? > >I don''t remember. Probably not - it''s probably not stable yet.>-- >Fedora-directory-users mailing list >Fedora-directory-users@redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > >