Quoting "rektide" <[EMAIL PROTECTED]>:

> Is it still mainly all about having [EMAIL PROTECTED] in
> userPassword?

Nowadays it's {SASL}, not {KERBEROS}.

> I noticed Turbo's guide never gives LDAP a keytab entry.  His setup
> didn't require LDAP to do any writing to kerberos, so it was
> unnecessary.  Is this still the case?

Since I've separated AUTHENTICATION and AUTHORIZATION, there's no need
for an LDAP/slapd keytab...

Passwords are in Kerberos (AUTHENTICATION) and information is in LDAP
(AUTHORIZATION). I didn't want to put the passwords in the LDAP backend,
because that would create a circular dependency which I didn't want (I
have too many of those anyway :).

> Of note, I do plan on running the KX509 / KCA setup off this at some
> point in the not too distant future.  I'm running Heimdal and OpenLDAP
> 2.3.

Only Heimdal can have its password database in LDAP. I'm still running
MIT Kerberos V and have no intention to change. The MIT version works
fine for me.
________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
