On Mon, Nov 12, 2007 at 08:06:43PM +0600, Konstantin Verba wrote: > Hello, I'm trying to setup Single Sign-On useing mit kerberos and openldap. > I've already have slapd configured and running, and created kerberos > containers in ldap with kdb5_ldap_util. But as I can see, I have two > different trees of entities, one is the krbcontainer tree and another is my > ou, where I keep test user's account with inetOrgPerson (structural) > objectClass. Problem is I want that user authentificate with kerberos and > then get access to uid and other data in ldap. Howto to keep this all > together? I've already created mixed object class with inetorgperson and > krbperson as parents, but krbPrincipalName and uid are steel different > fields.
I accomplished something like what you are describing by not putting any kerberos-related information into LDAP and telling PAM on the clients to autenticate against kerberos and to get everything else from LDAP. Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com
signature.asc
Description: Digital signature
________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
