[389-users] About Kerberos and dirsrv

Gioachino Bartolotta gioachino.bartolotta at gmail.com
Wed Jun 15 11:10:10 UTC 2011


Hi !!

Yes, I want to use 389ds as a backend for kerberos.

So, will everything work if I just import the schemas into 389ds?

Another question. I actually have 2 389ds servers configured with multi-master
replication, and on each server there is a KDC (1 master and 1 slave).

Do I have to copy the same keytab to both servers?

Do I also have to change the file /etc/sysconfig/saslauthd with these parameters?

MECH_OPTIONS=""
THREADS=5
START=yes
MECHANISMS="ldap"
OPTIONS="-m /var/run/saslauthd"

Then ... am I missing anything else?

Thank you.

2011/6/15 Juan Carlos Camargo Carrillo <juancar at eprinsa.es>:
> Hi,
>
> It depends. If you want to use 389ds as a Kerberos database backend, then
> you should import the schema into the directory and yes, you'll need to
> create principals or modify the existing LDAP entries to accept Kerberos
> attributes, as you've said you did with OpenLDAP. I've done it with my
> 389ds lab and it works.
>
> On Wed, 15-06-2011 at 12:08 +0200, Gioachino Bartolotta wrote:
>
> Hi all,
>
> I have a problem setting up Kerberos with 389, and I tried to do it using
> the documents available on the 389 site and Red Hat.
>
> I followed everything, but I am unable to get the initial ticket from
> Kerberos. Do I have to add these records, as I have always done with
> OpenLDAP?
>
> dn: ou=KerberosPrincipals,ou=Users,dc=domain
> ou: KerberosPrincipals
> objectClass: top
> objectClass: organizationalUnit
>
> dn: krb5PrincipalName=ldapmaster/admin@DOMAIN,ou=KerberosPrincipals,ou=Users,dc=domain
> objectClass: top
> objectClass: person
> objectClass: krb5Principal
> objectClass: krb5KDCEntry
> krb5PrincipalName: ldapmaster/admin@DOMAIN
> krb5KeyVersionNumber: 1
> krb5MaxLife: 86400
> krb5MaxRenew: 604800
> krb5KDCFlags: 126
> cn: ldapmaster/admin@domain
> sn: ldapmaster/admin@domain
> userPassword: {MD5}5S2YxFmBmhF3WTbY37t5KQ==
>
> Thanks
>



-- 
-------------------------------------------
Gioachino Bartolotta
ICQ #: 9103167
MSN Messenger: astraroth at email.it
Yahoo & Skype: gioachino_bartolotta


