Ok Douglas.... It means that we need to have two databases?? A KDC with passwords and LDAP with profile information?
Thanks Jonathan Córdoba Certified Ethical Hacker (CEH) GIAC Certified Forensics Analyst (GCFA) CompTIA Security+ Certified Professional Ing. Seguridad Universidad de los Andes Dirección de Tecnologías de Información (D.T.I.) Bogotá - Colombia -----Original Message----- From: Douglas E. Engert [mailto:[EMAIL PROTECTED] Sent: Martes, 25 de Septiembre de 2007 09:40 a.m. To: Jonathan Javier Cordoba Gonzalez Subject: Re: Kerberos OpenLDAP Frontend Jonathan Javier Cordoba Gonzalez wrote: > Hi Douglas, > > I actually try to use the LDAP to store the KDC data... I guess that it > means more performance and administrative... That I have not tried. We are using AD as the KDCs. with OpenLDAP for the nss-ldap. > > > Jonathan Córdoba > Certified Ethical Hacker (CEH) > GIAC Certified Forensics Analyst (GCFA) > CompTIA Security+ Certified Professional > Ing. Seguridad Universidad de los Andes > Dirección de Tecnologías de Información (D.T.I.) > Bogotá - Colombia > > > -----Original Message----- > From: Douglas E. Engert [mailto:[EMAIL PROTECTED] > Sent: Martes, 25 de Septiembre de 2007 08:56 a.m. > To: Jonathan Javier Cordoba Gonzalez > Cc: [email protected] > Subject: Re: Kerberos OpenLDAP Frontend > > > > Jonathan Javier Cordoba Gonzalez wrote: >> Hi, >> >> >> >> Im confuse about the openldap frontend >> >> >> >> Anybody have a guide, tutorial or a step-by-step procedure in order to > make >> the connection, create the initial LDAP DB and how it works?? >> >> >> >> I dont understand the sequence when a user wants authenticate > > You may be confusing the LDAP used by the KDC to store it data, > and an LDAP used by something like nss-ldap that stores what > would have been found on /etc/passwd or NIS. > So kinit and pam_krb5 can do the authentication as they always have, > to the KDC, then when kinit or pam_krb5 calls getpwnam this calls > the nss-ldap routines via /etc/nsswitch.conf. > > > >> >> >> Thanks a lot. >> >> >> >> Jonathan Córdoba >> >> Certified Ethical Hacker (CEH) >> >> GIAC Certified Forensics Analyst (GCFA) >> >> CompTIA Security+ Certified Professional >> >> Ing. Seguridad Universidad de los Andes >> >> Dirección de Tecnologías de Información (D.T.I.) >> >> Bogotá - Colombia >> >> >> >> ________________________________________________ >> Kerberos mailing list [email protected] >> https://mailman.mit.edu/mailman/listinfo/kerberos >> >> > -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
