[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Using other than OpenLDAP

To: heimdal-discuss@sics.se
Subject: Using other than OpenLDAP
From: Rob Tanner <rtanner+kerberos@linfield.edu>
Date: Thu, 22 May 2003 09:06:59 -0700
Reply-To: Rob Tanner <rtanner+kerberos@linfield.edu>
Sender: owner-heimdal-discuss@sics.se

Hi,

I'm an absolute newbie to kerberos trying to see how to fit it into our
network and existing authentication schemes.  Currently, LDAP represents
the backend store for all passwords and users are authenticated against
the LDAP server.  Maintenance of the LDAP user/password data is built into
our account management software, and numerous not-easily-kerberizable
applications will continue to depend on it.  The potential issue here is
that the sever in question is the iPlanet server, not OpenLDAP.  The other
issue is passwords which are already encrypted on the iPlanet server.

Can I use iPlanet?  Also, looking at the krb5-kdc.schema, I don't see an
obvious place for user passwords.  I presume that the krb5PrincipalName
attribute would hold the id of a user, but it's not obviously a DN, so I'm
not sure how all the LDAP pieces even connect.

Any pointers would be greatly appreciated.
  
Thanks,
Rob

Rob Tanner
UNIX Service Manager
Linfield College
McMinnville, Oregon

Prev by Date: Please handle AFS string2key with etype_info2
Next by Date: Re: Using other than OpenLDAP
Prev by thread: Please handle AFS string2key with etype_info2
Next by thread: Re: Using other than OpenLDAP
Index(es):
- Date
- Thread