Thanks Rob.

I have looked into the FreeIPA project and somehow I just want to set up Kerberos 1.6 with its principal database in FDS 1.2.0.

Isn't it that when I add an entry to the FDS and try to kinit with the name of the entry I just added, Kerberos is supposed to give me a ticket?



John Robert Mendoza

--- On Tue, 7/21/09, Rob Crittenden <rcritten@redhat.com> wrote:

From: Rob Crittenden <rcritten@redhat.com>
Subject: Re: [389-users] MIT Kerberos and FDS integration
To: "General discussion list for the 389 Directory server project." <fedora-directory-users@redhat.com>
Date: Tuesday, 21 July, 2009, 10:33 AM

John Robert Mendoza wrote:
> Thanks for the reply Rob.
>
> I did manage to solve the error by changing the permissions on the ds.keytab file.
>
> I can finally do ldapsearch with GSSAPI. BTW, I was just wondering, would there be any way I can make LDAP the database for the Kerberos principals?
>
> Isn't it that when I get a ticket from Kerberos it is supposed to look into LDAP for its principals?

Yes, MIT Kerberos has an LDAP backend that you can use. You might want to look into the IPA project at http://www.freeipa.org/. This is exactly what it does (among other things). It might give you some pointers on how to configure things at a minimum.

rob

