Hello,

Thanks for this, but still can't solve my problem! I have followed pretty much the instructions in the following to get ldap/kerberos to work together:
http://www.rjsystems.nl/en/2100-d6-kerberos-openldap-provider.php#ausr

I can successfully now create kerberos ticket and check, but I don't understand why the binding doesn't work any more as it was before integrating Kerberos! Here are the errors I get in the ldap/kerb server provider while trying to login using "aahmed" user:

Feb 13 21:16:53 ldap slapd[12064]: conn=1004 fd=24 ACCEPT from IP=203.28.247.193:50420 (IP=0.0.0.0:389)
Feb 13 21:16:53 ldap slapd[12064]: conn=1004 op=0 BIND dn="" method=128
Feb 13 21:16:53 ldap slapd[12064]: conn=1004 op=0 RESULT tag=97 err=0 text=
Feb 13 21:16:53 ldap slapd[12064]: conn=1004 op=1 SRCH base="ou=People,dc=domain,dc=com" scope=2 deref=0 filter="(&(objectClass=*)(uid=aahmed))"
Feb 13 21:16:53 ldap slapd[12064]: conn=1004 op=1 SRCH attr=uid cn mail modifyTimestamp
Feb 13 21:16:53 ldap slapd[12064]: conn=1004 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
Feb 13 21:16:53 ldap slapd[12064]: conn=1004 op=2 UNBIND
Feb 13 21:16:53 ldap slapd[12064]: conn=1004 fd=24 closed

Any idea how I can solve this?

Thanks.

> Date: Wed, 13 Feb 2013 08:05:07 +0100
> From: [email protected]
> To: [email protected]
> CC: [email protected]
> Subject: Re: decrypting the user password
>
> Hello.
>
> On 02/13/2013 05:53 AM, Asmaa Ahmed wrote:
> > I am having kerberos MIT integrated to LDAP as a backend which is
> > good so far. The problem that I have some applications doesn't support
> > Kerberos to restore the user credentials.
>
> Do they support authentication with LDAP? If so, you can configure your
> LDAP server to use SASL to check the user passwords against Kerberos.
> See this article:
> http://thomas.dereyck.eu/wiki/Setting%20up%20an%20LDAP%20server#Enabling_pass-through_authentication_to_Kerberos
>
> > I wonder if I can decrypt
> > the password from Kerberos server manually to have it in a plaintext,
>
> As Chris said, that's a big security risk and completely defeats
> Kerberos' purpose. If the applications don't allow any external
> authentication, you might be able to find a plug-in that sits between
> the application and the DB that intercepts the auth requests and
> services them with SASL or Kerberos directly.
>
> Sincerely,
> Sean M. Pappalardo
> Sr. Networks Engineer
> Renegade Technologies
> [email protected]
> Office: (630) 631-6188
> http://www.renegadetech.com
> ________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
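
Added example, not part of the original messages: a small Python reader for slapd connection logs like the one in the post, pairing each search with the bind state of its connection and naming the LDAP result code. The names `summarize` and `field` and the short result-code table are choices made for this example; in slapd logs `method=128` is a simple bind, an empty bind DN is anonymous, and `err=32` is `noSuchObject`.

```python
import re

# Log lines copied from the post above (slapd syslog format).
SAMPLE = """\
Feb 13 21:16:53 ldap slapd[12064]: conn=1004 op=0 BIND dn="" method=128
Feb 13 21:16:53 ldap slapd[12064]: conn=1004 op=0 RESULT tag=97 err=0 text=
Feb 13 21:16:53 ldap slapd[12064]: conn=1004 op=1 SRCH base="ou=People,dc=domain,dc=com" scope=2 deref=0 filter="(&(objectClass=*)(uid=aahmed))"
Feb 13 21:16:53 ldap slapd[12064]: conn=1004 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
Feb 13 21:16:53 ldap slapd[12064]: conn=1004 op=2 UNBIND
"""

# LDAP result codes from RFC 4511; only a few are listed here.
RESULT_CODES = {0: "success", 32: "noSuchObject",
                49: "invalidCredentials", 50: "insufficientAccessRights"}
OP = re.compile(r"conn=(\d+) op=(\d+) (.*)$")


def field(name, text, quoted=False):
    """Return the value of name=... in a slapd log line, or None."""
    pat = r"\b" + name + (r'="([^"]*)"' if quoted else r"=(\S*)")
    m = re.search(pat, text)
    return m.group(1) if m else None


def summarize(log_text):
    """Pair every search result with the bind identity of its connection."""
    bound, pending, report = {}, {}, []
    for line in log_text.splitlines():
        m = OP.search(line)
        if not m:
            continue
        conn, op, rest = m.group(1), m.group(2), m.group(3)
        if rest.startswith("BIND ") and field("method", rest):
            bound[conn] = (field("dn", rest, True), int(field("method", rest)))
        elif rest.startswith("SRCH base="):
            pending[conn, op] = (field("base", rest, True),
                                 field("filter", rest, True))
        elif rest.startswith("SEARCH RESULT"):
            err = int(field("err", rest))
            base, filt = pending.pop((conn, op), (None, None))
            # A connection with no BIND seen is anonymous by default.
            dn, method = bound.get(conn, ("", None))
            report.append({
                "conn": int(conn), "base": base, "filter": filt,
                "bind_dn": dn, "anonymous": dn == "",
                "simple_bind": method == 128,  # 128 = simple, 163 = SASL
                "result": RESULT_CODES.get(err, "code %d" % err),
                "nentries": int(field("nentries", rest)),
            })
    return report


if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

For the lines in the post this reports one search, made over an anonymous simple bind against `ou=People,dc=domain,dc=com`, that ended with `noSuchObject` and zero entries.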
