[389-users] About Kerberos and dirsrv

Juan Carlos Camargo Carrillo juancar at eprinsa.es
Wed Jun 15 10:55:16 UTC 2011


Hi,

It depends. If you want to use 389ds as a Kerberos database backend,
then you should import the schema into the directory and yes, you'll
need to create principals or modify the existing LDAP entries to accept
Kerberos attributes, as you've said you did with OpenLDAP. I've done it
with my 389ds lab and it works.

On Wed, 15-06-2011 at 12:08 +0200, Gioachino Bartolotta wrote:

> Hi all,
> 
> I have a problem setting up Kerberos with 389, and I tried to do it using
> the documents available on the 389 site and Red Hat.
> 
> I followed everything, but I am unable to get the initial ticket from
> Kerberos. Do I have to add these records as I have always done with
> OpenLDAP?
> 
> dn: ou=KerberosPrincipals,ou=Users,dc=domain
> ou: KerberosPrincipals
> objectClass: top
> objectClass: organizationalUnit
> 
> dn: krb5PrincipalName=ldapmaster/admin@DOMAN,ou=KerberosPrincipals,ou=Users,dc=domain
> objectClass: top
> objectClass: person
> objectClass: krb5Principal
> objectClass: krb5KDCEntry
> krb5PrincipalName: ldapmaster/admin@DOMAIN
> krb5KeyVersionNumber: 1
> krb5MaxLife: 86400
> krb5MaxRenew: 604800
> krb5KDCFlags: 126
> cn: ldapmaster/admin@domain
> sn: ldapmaster/admin@domain
> userPassword: {MD5}5S2YxFmBmhF3WTbY37t5KQ==
> 
> Thanks
> 
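
A pre-import sanity check for principal entries like the one quoted above, as an added example that is not part of the original thread or of 389ds. It assumes unfolded, non-base64 LDIF; the sample entry is constructed (placeholder hash), and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the quoted entry; the hash is a placeholder.
SAMPLE_LDIF = """\
dn: krb5PrincipalName=ldapmaster/admin@DOMAN,ou=KerberosPrincipals,ou=Users,dc=domain
objectClass: krb5Principal
objectClass: krb5KDCEntry
krb5PrincipalName: ldapmaster/admin@DOMAIN
krb5KeyVersionNumber: 1
userPassword: {MD5}CONSTRUCTED-PLACEHOLDER
"""

UNSALTED_SCHEMES = {"MD5", "SHA"}  # userPassword schemes stored without a salt


def parse_entry(ldif):
    """Parse one unfolded, non-base64 LDIF entry into (dn, {attr: [values]})."""
    dn, attrs = None, {}
    for line in ldif.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if name.strip().lower() == "dn":
            dn = value.strip()
        else:
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return dn, attrs


def check_principal_entry(ldif):
    """Return findings for a principal entry; an empty list means none found."""
    dn, attrs = parse_entry(ldif)
    findings = []
    # First RDN of the DN (split on the first unescaped comma).
    rdn_attr, _, rdn_value = re.split(r"(?<!\\),", dn)[0].partition("=")
    # The RDN value must also be a value of that attribute inside the entry.
    # Assumption: exact (case-sensitive) comparison, as Kerberos realms are.
    if rdn_value not in attrs.get(rdn_attr.lower(), []):
        findings.append(f"RDN {rdn_attr}={rdn_value} not present in entry")
    # Every principal name in the entry should name the same realm.
    names = attrs.get("krb5principalname", []) + [rdn_value]
    realms = {n.rpartition("@")[2] for n in names if "@" in n}
    if len(realms) > 1:
        findings.append(f"inconsistent realms: {sorted(realms)}")
    for pw in attrs.get("userpassword", []):
        scheme = re.match(r"\{(\w+)\}", pw)
        if scheme and scheme.group(1).upper() in UNSALTED_SCHEMES:
            findings.append(f"userPassword uses unsalted {scheme.group(1)} scheme")
    return findings
```

Calling check_principal_entry(SAMPLE_LDIF) returns one finding per problem; an entry whose DN and attribute agree and whose password uses a salted scheme returns an empty list.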

