Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Server
User Name
Linux - Server This forum is for the discussion of Linux Software used in a server related context.


  Search this Thread
Old 07-31-2007, 12:58 PM   #1
Registered: Mar 2005
Location: chicago
Distribution: red hat 9.0
Posts: 59

Rep: Reputation: 15
Question OpenLDAP authenticate against Kerberos?

We want to use OpenLDAP for user to login to linux machine and a successful login should issue a kerberos ticket for the user as well. However, we don't want to have 2 separate passwords for the user (even administrator creates both passwd for OpenLDAP and passwd for Kerberos as the same at the very beginning but users can possibly modify them to be different).

Now, PAM_LDAP is used perfectly for user login (as "posixAccount" in OpenLDAP). But the password is the one stored locally in OpenLDAP as well (something like "userPassword: {crypt}sth" in the LDIF file for a user) I read somewhere that this password can be written as the following to inform OpenLDAP to use Kerberos for password:

userPassword: {KERBEROS}principal@REALM
But I tried and this didn't work and this is the error message (correct password was used):

slapd[14102]: conn=62 op=3 RESULT tag=97 err=49 text=
pam_ldap: error trying to bind as user "uid=SOMEONE,ou=People,dc=COMPANY,dc=com" (Invalid credentials)
Any thoughts? Is this supported in current OpenLDAP?


//mod note - not a networking question. moved to Linux - Server.

Last edited by acid_kewpie; 07-31-2007 at 01:07 PM.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Getting squid to authenticate to OpenLDAP Server fluff Linux - Networking 12 06-11-2010 05:20 PM
getting a linux client to authenticate against OpenLDAP server mars_fun_size Linux - Software 1 03-15-2007 03:22 AM
cannot authenticate to AD after Kerberos client install bret Linux - Security 4 02-02-2006 05:14 PM
Kerberos Krizzc Slackware 0 10-21-2004 07:10 AM
Kerberos krieger Linux - Security 1 01-29-2002 01:40 PM > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 04:54 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration