Kerberos Integration (Was: Fedora Crypto Consolidation Project)

Simo Sorce ssorce at redhat.com
Sun Sep 2 22:17:05 UTC 2007


On Sat, 2007-09-01 at 21:59 -0600, Jerry James wrote:

> Let me tell you my experience.  Around the first of this year, I
> decided to use kerberos+ldap to manage the machines in my research
> lab.  After spending hours reading documentation and experimenting
> with kerberos and ldap separately, I got everything configured.  It
> was only then that I discovered that libuser doesn't support
> kerberos+ldap.

James, I made some patches to make libuser a bit more friendly to
SASL/GSSAPI recently, but the problem with libuser is that it is built
around the /etc/passwd and its 5 fields (+ shadow and its few more
fields) only.
Libuser lacks the breadth to manage anything based on ldap, which is
extensible and more complex even with the current very basic
objectClasses available.

In FreeIPA we are trying to come up with better tools to deal with the
specifics of an extensible infrastructure.

Simo.
