On Monday 12 November 2007 20:15:12 Roberto C. Sánchez wrote:
> On Mon, Nov 12, 2007 at 08:06:43PM +0600, Konstantin Verba wrote:
> > Hello, I'm trying to set up Single Sign-On using MIT Kerberos and
> > OpenLDAP. I already have slapd configured and running, and created
> > kerberos containers in ldap with kdb5_ldap_util. But as I can see, I have
> > two different trees of entities, one is the krbcontainer tree and another
> > is my ou, where I keep the test user's account with the inetOrgPerson
> > (structural) objectClass. The problem is that I want the user to
> > authenticate with kerberos and then get access to uid and other data in
> > ldap. How do I keep this all together? I've already created a mixed
> > object class with inetorgperson and krbperson as parents, but
> > krbPrincipalName and uid are still different fields.
>
> I accomplished something like what you are describing by not putting any
> kerberos-related information into LDAP and telling PAM on the clients to
> authenticate against kerberos and to get everything else from LDAP.
>
> Regards,
>
> -Roberto

In such a case, I don't see any difference between using a separate ldap tree or not using ldap at all. I think the whole trick you are talking about is in the pam configuration, am I right?

--
Konstantin
________________________________________________
Kerberos mailing list
[email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
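
The split Roberto describes, as a client-side configuration example added here (not part of the original thread): PAM verifies the password against Kerberos, while NSS serves uid and the other account data from LDAP. The file paths, the pam_krb5 module and the ldap NSS source are assumptions about the client setup; the two sides are tied together only by name, so the LDAP uid has to equal the primary part of the Kerberos principal (uid "alice" and principal "alice@EXAMPLE.ORG", both constructed values).

```conf
# /etc/nsswitch.conf (excerpt, assumed path)
# Account data (uid, gid, home, shell, groups) is looked up in local
# files first, then in LDAP. No Kerberos attributes are needed in the
# user's LDAP entry for this to work.
passwd: files ldap
group:  files ldap

# /etc/pam.d/common-auth (excerpt, assumed path)
# The password is checked by obtaining a ticket from the KDC.
# pam_krb5 builds the principal from the login name and the default
# realm, which is why uid and the principal's primary part must match.
auth  sufficient  pam_krb5.so
# Fallback for accounts that exist only in local files (e.g. root).
# try_first_pass reuses the password already typed for pam_krb5.
auth  required    pam_unix.so try_first_pass
```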
