[Fedora-directory-users] Directory Server Authentication Pass through with Kerberos or saslauthd
Tim Hartmann
hartmann at fas.harvard.edu
Thu Sep 25 19:58:39 UTC 2008
Hi all, I've run into some configuration trouble with our Red Hat Directory server V 8.0 and was hoping someone on this list might be able to shed a little light on my darkened, troubled and confused brow!
We've got the directory running pretty and have enabled gssapi to allow
us to bind with our Kerberos Tickets, so if I do an LDAP query and bind with gssapi with a valid TGT all is well! (hurray) However thats really only PART of what we hope to do with Kerberos and Red Hat Directory Server... we'd also like to be able to use Kerberos as the password database for LDAP... so that a non kerberos aware application which just wants to bind to ldap will be able to bind to the directory, unaware that Kerberos is actually being used as the password store and means of auth..
I found a pretty good HOWTO for how to do this with open ldap:
http://www.ba.infn.it/~domenico/docs/AAIFiles/openLDAP.html
Way down at the bottom where it says "Kerberos as back-end database for LDAP password" is exactly what I'd like to accomplish! Is there a means to do the same thing in FDS? I also found this documentations:
http://directory.fedoraproject.org/wiki/Howto:PAM_Pass_Through
Which seems like it could work, but seems kind of like a hack for what i'm trying to do and it seemed like I couldn't be the only one who wanted to do it! I suspect there's something I'm just missing!
Thanks for the time, and any help would be much appreciated!
Tim
More information about the Fedora-directory-users
mailing list