Help answer threads with 0 replies.
Go Back > Forums > Linux Forums > Linux - Server
User Name
Linux - Server This forum is for the discussion of Linux Software used in a server related context.


  Search this Thread
Old 07-31-2007, 01:58 PM   #1
Registered: Mar 2005
Location: chicago
Distribution: red hat 9.0
Posts: 59

Rep: Reputation: 15
Question OpenLDAP authenticate against Kerberos?

We want to use OpenLDAP for user to login to linux machine and a successful login should issue a kerberos ticket for the user as well. However, we don't want to have 2 separate passwords for the user (even administrator creates both passwd for OpenLDAP and passwd for Kerberos as the same at the very beginning but users can possibly modify them to be different).

Now, PAM_LDAP is used perfectly for user login (as "posixAccount" in OpenLDAP). But the password is the one stored locally in OpenLDAP as well (something like "userPassword: {crypt}sth" in the LDIF file for a user) I read somewhere that this password can be written as the following to inform OpenLDAP to use Kerberos for password:

userPassword: {KERBEROS}principal@REALM
But I tried and this didn't work and this is the error message (correct password was used):

slapd[14102]: conn=62 op=3 RESULT tag=97 err=49 text=
pam_ldap: error trying to bind as user "uid=SOMEONE,ou=People,dc=COMPANY,dc=com" (Invalid credentials)
Any thoughts? Is this supported in current OpenLDAP?


//mod note - not a networking question. moved to Linux - Server.

Last edited by acid_kewpie; 07-31-2007 at 02:07 PM.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Getting squid to authenticate to OpenLDAP Server fluff Linux - Networking 12 06-11-2010 06:20 PM
getting a linux client to authenticate against OpenLDAP server mars_fun_size Linux - Software 1 03-15-2007 04:22 AM
cannot authenticate to AD after Kerberos client install bret Linux - Security 4 02-02-2006 06:14 PM
Kerberos Krizzc Slackware 0 10-21-2004 08:10 AM
Kerberos krieger Linux - Security 1 01-29-2002 02:40 PM

All times are GMT -5. The time now is 02:04 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration