LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 07-31-2007, 12:58 PM   #1
licht
Member
 
Registered: Mar 2005
Location: chicago
Distribution: red hat 9.0
Posts: 59

Rep: Reputation: 15
Question OpenLDAP authenticate against Kerberos?


We want to use OpenLDAP for user to login to linux machine and a successful login should issue a kerberos ticket for the user as well. However, we don't want to have 2 separate passwords for the user (even administrator creates both passwd for OpenLDAP and passwd for Kerberos as the same at the very beginning but users can possibly modify them to be different).

Now, PAM_LDAP is used perfectly for user login (as "posixAccount" in OpenLDAP). But the password is the one stored locally in OpenLDAP as well (something like "userPassword: {crypt}sth" in the LDIF file for a user) I read somewhere that this password can be written as the following to inform OpenLDAP to use Kerberos for password:

Quote:
userPassword: {KERBEROS}principal@REALM
But I tried and this didn't work and this is the error message (correct password was used):

Quote:
slapd[14102]: conn=62 op=3 RESULT tag=97 err=49 text=
pam_ldap: error trying to bind as user "uid=SOMEONE,ou=People,dc=COMPANY,dc=com" (Invalid credentials)
Any thoughts? Is this supported in current OpenLDAP?

Thanks!

//mod note - not a networking question. moved to Linux - Server.

Last edited by acid_kewpie; 07-31-2007 at 01:07 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Getting squid to authenticate to OpenLDAP Server fluff Linux - Networking 12 06-11-2010 05:20 PM
getting a linux client to authenticate against OpenLDAP server mars_fun_size Linux - Software 1 03-15-2007 03:22 AM
cannot authenticate to AD after Kerberos client install bret Linux - Security 4 02-02-2006 05:14 PM
Kerberos Krizzc Slackware 0 10-21-2004 07:10 AM
Kerberos krieger Linux - Security 1 01-29-2002 01:40 PM


All times are GMT -5. The time now is 10:59 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration