
Heimdal with openldap-backend



Hi everybody,

This is not only a Heimdal, but maybe also an OpenLDAP problem.
Hope you're not mad, but I don't know whom to ask ...

My configuration:

Suse LINUX 8.2
Kernel 2.4.24
openldap-2.2.4
heimdal-0.6
openssl-0.9.6l

The problem:


I try to use openldap-2.2.4 as a backend for Heimdal, like Luke Howard
from PADL described it on the PADL site.


Now, all KERBEROS/LDAP daemons are started
(the Heimdal log says: Feb  5 20:27:19 Pentium200 kadmind[2227]: bind: 
/var/heimdal/kdc.conf:0: cannot open file - What's this?)
and I come to the point of initializing Heimdal.

First I run kstash, without problems.

Then I try kadmin; here's what it says:

---snipp---
Pentium200:/usr/local/heimdal-0.6/sbin # ./kadmin -l
kadmin> init HRNET.DE
Realm max ticket life [unlimited]:
Realm max renewable ticket life [unlimited]:
kadmin: kadm5_create_principal: ldap_add_s: Strong(er) authentication
required
Pentium200:/usr/local/heimdal-0.6/sbin #
---snipp---

Too bad; what stronger authentication does it mean, and where do I configure it?

Here is my /etc/krb5:

---snipp---
[libdefaults]
     default_realm = HRNET.DE
     clockskew = 300
     v4_instance_resolve = false
     v4_name_convert = {
         host = {
             rcmd = host
             ftp = ftp
         }
         plain = {
             something = something-else
         }
     }
     # Set this to false to disable MIT krb5 compatibility
     # in GSSAPI get_mic/verify_mic, and become compatible
     # with older Heimdal releases instead.
     gss_mit_compat = true

[realms]
     HRNET.DE = {
         kdc            = pentium200.hrnet.de
         kpasswd_server = pentium200.hrnet.de
         admin_server   = pentium200.hrnet.de
     }

[domain_realm]
     .my.domain = HRNET.DE

[kdc]
         database = {
           dbname = ldap:ou=KerberosPrincpals,dc=hrnet,dc=de
           mkey_file = /var/heimdal/m-key
         }
---snipp---

In slapd.conf I inserted the following lines:
---snipp---
access to *
         by sockurl="^ldapi:///$" write
---snipp---


So, where's the mistake?

If more information is needed I'll give it to you ...

greets Harry
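As an added illustration (not part of Harry's post and not code from Heimdal, OpenLDAP or PADL), the following Python evaluator models what the quoted slapd.conf rule actually grants: OpenLDAP walks the `by` clauses of the first matching `access to` rule in order, the `sockurl` clause is a regular expression matched against the listener URL the client connected to, and every rule ends with an implicit `by * none`. So `by sockurl="^ldapi:///$" write` gives write access only to clients arriving over the local ldapi socket; the same client connecting over a TCP `ldap://` listener would get nothing from this rule. The sample ACL text and the sample listener URLs are constructed for the example; only `sockurl` and `*` who-clauses are modelled.

```python
import re
from dataclasses import dataclass

# Constructed sample: the ACL block from the post, as it would appear in slapd.conf.
SAMPLE_SLAPD_ACL = """
access to *
         by sockurl="^ldapi:///$" write
"""

# Access levels in increasing order, as slapd orders them.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

@dataclass
class ByClause:
    who_kind: str   # "sockurl" (regex against the listener URL) or "*" (anyone)
    pattern: str    # regex for sockurl; unused for "*"
    access: str     # one of LEVELS

@dataclass
class AccessRule:
    what: str       # the <what> part; only "*" is modelled here
    by: list        # ordered ByClause list

# Matches: by sockurl="<regex>" <level>   or   by * <level>
BY_RE = re.compile(r'by\s+(?:sockurl="([^"]*)"|(\*))\s+(none|auth|compare|search|read|write)$')

def parse_acl(text):
    """Parse a minimal subset of slapd.conf 'access to' directives."""
    rules, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("access to "):
            current = AccessRule(what=line[len("access to "):].strip(), by=[])
            rules.append(current)
        elif line.startswith("by ") and current is not None:
            m = BY_RE.match(line)
            if not m:
                raise ValueError(f"unsupported by-clause in this example: {line}")
            if m.group(2):
                current.by.append(ByClause("*", "", m.group(3)))
            else:
                current.by.append(ByClause("sockurl", m.group(1), m.group(3)))
        else:
            raise ValueError(f"unsupported directive in this example: {line}")
    return rules

def evaluate(rules, sockurl):
    """Return the access level a connection on listener `sockurl` receives.

    First matching by-clause of the first matching rule wins; if no by-clause
    matches, the implicit 'by * none' applies (OpenLDAP ACL semantics).
    """
    for rule in rules:
        if rule.what != "*":
            continue  # only 'access to *' is modelled in this example
        for clause in rule.by:
            if clause.who_kind == "*":
                return clause.access
            if clause.who_kind == "sockurl" and re.search(clause.pattern, sockurl):
                return clause.access
        return "none"   # implicit trailing 'by * none'
    return "none"       # no rule matched at all

def can_write(rules, sockurl):
    """True if the listener URL is granted at least write access."""
    return LEVELS.index(evaluate(rules, sockurl)) >= LEVELS.index("write")

if __name__ == "__main__":
    rules = parse_acl(SAMPLE_SLAPD_ACL)
    # Constructed listener URLs: the local socket and a TCP listener.
    for url in ("ldapi:///", "ldap://pentium200.hrnet.de:389/"):
        print(f"{url:35} -> {evaluate(rules, url)}")
```

The evaluator covers ACL access levels only. slapd's `security` / SSF requirements are enforced as a separate check before the ACLs are consulted, so a permissive ACL on its own does not tell you whether the server will accept a given bind or add operation.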