On Mon, Nov 12, 2007 at 08:55:52PM +0600, Konstantin Verba wrote:
> On Monday 12 November 2007 20:15:12 Roberto C. Sánchez wrote:
> > On Mon, Nov 12, 2007 at 08:06:43PM +0600, Konstantin Verba wrote:
> > > Hello, I'm trying to set up Single Sign-On using mit kerberos and
> > > openldap. I already have slapd configured and running, and created
> > > kerberos containers in ldap with kdb5_ldap_util. But as I can see, I have
> > > two different trees of entities, one is the krbcontainer tree and another
> > > is my ou, where I keep test user's account with inetOrgPerson
> > > (structural) objectClass. Problem is I want that user to authenticate with
> > > kerberos and then get access to uid and other data in ldap. How to keep
> > > this all together? I've already created mixed object class with
> > > inetorgperson and krbperson as parents, but krbPrincipalName and uid are
> > > still different fields.
> >
> > I accomplished something like what you are describing by not putting any
> > kerberos-related information into LDAP and telling PAM on the clients to
> > authenticate against kerberos and to get everything else from LDAP.
> >
> > Regards,
> >
> > -Roberto
>
> In such a case, I don't see any difference between using separate ldap tree
> or not using ldap at all. I think all the trick you are talking about is in
> the pam configuration, am I right?
>

Yes. It is basically telling PAM to look one place for some things and
another place for everything else.

Regards,

-Roberto

--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
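
The split described in this thread, as an added example that is not part of the original messages: a small Python check that a client authenticates through Kerberos while LDAP only supplies account data. The Debian-style file names, the module names `pam_krb5.so` and `pam_ldap.so`, the `ldap` NSS source, the sample file contents and all function names are assumptions made for illustration; on such a client the account-data lookups are configured in `/etc/nsswitch.conf` next to the PAM stack.

```python
import re

# Constructed sample files (Debian-style layout, assumed): Kerberos handles
# authentication, LDAP is consulted only for account data through NSS.
PAM_COMMON_AUTH = """\
# /etc/pam.d/common-auth
auth  sufficient  pam_krb5.so minimum_uid=1000
auth  required    pam_unix.so try_first_pass
"""
NSSWITCH_CONF = """\
# /etc/nsswitch.conf
passwd: files ldap
group:  files ldap
shadow: files
"""

def pam_modules(text, mgmt_type="auth"):
    """Return module names, in stack order, for one PAM management group."""
    mods = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        # type, control (one word or a [bracketed list]), module path
        m = re.match(r"-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)", line)
        if m and m.group(1) == mgmt_type:
            mods.append(m.group(3).rsplit("/", 1)[-1])
    return mods

def nss_sources(text, database):
    """Return lookup sources for one NSS database, ignoring [ACTION] items."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        name, sep, rest = line.partition(":")
        if sep and name.strip() == database:
            return re.sub(r"\[[^\]]*\]", " ", rest).split()
    return []

def check_split(pam_text, nss_text):
    """List deviations from 'Kerberos authenticates, LDAP supplies account data'."""
    problems = []
    auth = pam_modules(pam_text, "auth")
    if "pam_krb5.so" not in auth:
        problems.append("auth stack does not call pam_krb5.so")
    if "pam_ldap.so" in auth:
        problems.append("auth stack calls pam_ldap.so (passwords checked against LDAP)")
    if "ldap" not in nss_sources(nss_text, "passwd"):
        problems.append("passwd database does not consult ldap")
    if "ldap" in nss_sources(nss_text, "shadow"):
        problems.append("shadow database consults ldap (password hashes served from LDAP)")
    return problems
```
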
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
