Heimdal with openldap-backend
Hi everybody,
this is not only a Heimdal, but maybe also an OpenLDAP problem.
Hope you're not mad, but I don't know whom to ask ...
My configuration:
Suse LINUX 8.2
Kernel 2.4.24
openldap-2-2-4
heimdal-0.6
openssl-0.9.6l
The problem:
I try to use openldap-2.2.4 as backend for heimdal, like Luke Howard
from PADL described it on the PADL-site.
Now, all KERBEROS/LDAP daemons are started
(heimdal log says: Feb 5 20:27:19 Pentium200 kadmind[2227]: bind:
/var/heimdal/kdc.conf:0: cannot open file - What's this?)
and I come to the point to initialize heimdal.
First I run kstash - without problems.
Then I try kadmin, here's what it says:
---snipp---
Pentium200:/usr/local/heimdal-0.6/sbin # ./kadmin -l
kadmin> init HRNET.DE
Realm max ticket life [unlimited]:
Realm max renewable ticket life [unlimited]:
kadmin: kadm5_create_principal: ldap_add_s: Strong(er) authentication required
Pentium200:/usr/local/heimdal-0.6/sbin #
---snipp---
Too bad, what stronger authentication does it mean and where do I configure it?
Here is my /etc/krb5:
---snipp---
[libdefaults]
    default_realm = HRNET.DE
    clockskew = 300
    v4_instance_resolve = false
    v4_name_convert = {
        host = {
            rcmd = host
            ftp = ftp
        }
        plain = {
            something = something-else
        }
    }
    # Set this to false to disable MIT krb5 compatibility
    # in GSSAPI get_mic/verify_mic, and become compatible
    # with older Heimdal releases instead.
    gss_mit_compat = true
[realms]
    HRNET.DE = {
        kdc = pentium200.hrnet.de
        kpasswd_server = pentium200.hrnet.de
        admin_server = pentium200.hrnet.de
    }
[domain_realm]
    .my.domain = HRNET.DE
[kdc]
    database = {
        dbname = ldap:ou=KerberosPrincpals,dc=hrnet,dc=de
        mkey_file = /var/heimdal/m-key
    }
---snipp---
In slapd.conf I inserted the following lines:
---snipp---
access to *
    by sockurl="^ldapi:///$" write
---snipp---
So, where's the mistake?
If more information is needed I'll give it to you ...
greets Harry