Re: OpenLDAP + Kerberos +smbldap-tools

2005-07-21 Thread Michael Marziani
This is probably a question for the OpenLDAP list, but I'm pretty sure that OpenLDAP doesn't support Kerberos authentication natively; they chose to go with SASL instead, which supports the GSSAPI method, which supports Kerberos 5. So I don't think you can use the entry you use for the 'rootpw'

Re: Solaris 9 Authentication

2005-06-29 Thread Michael Marziani
Decrypt integrity check errors usually point to a keytab problem. Although I'm somewhat unsure why you had to copy your kadm5.keytab from the master server, you should have instead created keytabs for each host. In my setup (we use Solaris 9 SEAM KDCs with Solaris 9 and Red Hat clients) for each

Re: KADMIN AND DELEGATED ADMINISTRATION

2005-06-29 Thread Michael Marziani
Read the man page for kadm5.acl. This file controls access and delegation for the Kerberos database. I'm pretty sure it can do most if not all of what you want.

-Michael

--- [EMAIL PROTECTED] wrote:
Hi I'm new to Kerberos so forgive the question...this is about the use of kadmin access

Re: Implementing a Kerberos application

2005-06-29 Thread Michael Marziani
Not to offend you, but a simple Google search for single sign-on Kerberos reveals a lot of information on this subject. The 2nd link that came up for me was a guide to Kerberos single sign-on in Java: http://java.sun.com/j2se/1.4.2/docs/guide/security/jgss/single-signon.html Hope this helps get

Re: kprop fails on multihomed KDCs set up according to FAQ (solved)

2005-06-27 Thread Michael Marziani
Many thanks to the people that helped me with this. After a few dead ends I decided to just compile the MIT code on my Solaris 9 box and see if the kprop included with that would work. Turns out it worked just fine, and communicated with the Sun SEAM KDCs with no problems. I'm not sure at what

kpropd fails on multihomed KDCs set up according to FAQ

2005-06-24 Thread Michael Marziani
I have scoured the internet for information on this error and found what should be the answer in the Kerberos FAQ, only it still isn't working. I'm running from kdc1: /usr/krb5/sbin/kdb5_util dump /usr/krb5/lib/krb5kdc/slave_datatrans then: /usr/krb5/sbin/kprop -f