[389-users] MIT Kerberos and FDS integration

Rob Crittenden rcritten at redhat.com
Tue Jul 21 02:33:33 UTC 2009


John Robert Mendoza wrote:
> Thanks for the reply Rob.
> 
> I did manage to solve the error by changing the permissions on the 
> ds.keytab file.
> 
> I can finally do ldapsearch with gssapi.  BTW, I was just wondering, 
> would there be any way i can make ldap as the database for the kerberos 
> principals.
> 
> Isn't it that when get a ticket from kerberos it supposed to look into 
> ldap for its principals?

Yes, MIT kerberos has an LDAP backend that you can use. You might want 
to look into the IPA project at http://www.freeipa.org/ This is exactly 
what it does (among other things). It might give you some pointers how 
to configure things at a minimum.

rob

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20090720/d4f23974/attachment.bin>


More information about the 389-users mailing list