[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Heimdal-Openldap how to store principals?

To: Jose Gonzalez Gomez <jgonzalez@opentechnet.com>
Subject: Re: Heimdal-Openldap how to store principals?
From: Andrew Bacchi <bacchi@rpi.edu>
Date: 27 Aug 2004 08:58:54 -0400
Cc: "heimdal-discuss@sics.se" <heimdal-discuss@sics.se>
In-Reply-To: <412F026C.4020300@opentechnet.com>
References: <1093556278.30140.29.camel@boreal.netel.rpi.edu> <412F026C.4020300@opentechnet.com>
Sender: owner-heimdal-discuss@sics.se

Jose,

I have been following your HowTo all along, thanks for the great info. 
I am stuck at section 6.2.2, init EXAMPLE.COM.  You say, "This should
have created several entries in our LDAP directory under the system
branch.", I don't see them under any branch.  Does Kerberos create these
accounts as would an LDIF?

I have Heimdal configured with:
configure --prefix=%{heimdalprefix}
	--with-openldap=/var/ldap/etc/openldap/ --disable-berkeley-db

Is this OK?

Also, I can see the server listening on the Unix Socket.  But are there
possible permission problems?
unix  2      [ ACC ]     STREAM     LISTENING     469921
/var/ldap/var/run/ldapi

On Fri, 2004-08-27 at 05:44, Jose Gonzalez Gomez wrote:
> 
>     Take a look at this:
> 
>        http://www.opentechnet.com/auth-howto/
> 
>     and then post again if you still are in trouble. Of course, any 
> comments are welcome.
> 
>     Best regards
>     Jose
> 
> Andrew Bacchi wrote:
> 
> >I have Openldap working, and Heimdal KDC working. But, not together.
> >Can someone suggest where I'm going wrong?  Thanks.
> >
> >If I kinit as kadmin/admin, the KDC returns 
> >kinit: krb5_get_init_creds: Client (kadmin/admin@RPI.EDU) unknown
> >
> >Yet if I do a kadmin -l get -t *, kadmin/admin is listed.
> >
> >I do not see kadmin/admin anywhere in the ldap database, is it supposed
> >to be there?
> >
> >I have GSSAPI support in LDAP.
> >
> >ldapsearch -x -H ldap://ldap3.server.rpi.edu/ -b "" -s base -LLL
> >supportedSASLMechanisms
> >dn:
> >supportedSASLMechanisms: GSSAPI
> >supportedSASLMechanisms: DIGEST-MD5
> >supportedSASLMechanisms: CRAM-MD5
> >
> >And krb5.conf looks like.
> >
> >kdc]
> >        database = {
> >        realm = RPI.EDU
> >        dbname = ldap:ou=kerberos,dc=rpi,dc=edu
> >        mkey_file = /var/heimdal/m-key
> >        }
> >
> >  
> >
> 
-- 
Facade: Provide a unified interface to a set of interfaces in a
subsystem.

Andrew Bacchi
Staff Systems Programmer
Rensselaer Polytechnic Institute
phone: 518 276-6415  fax: 518 276-2809

http://www.rpi.edu/~bacchi/

Follow-Ups:
- Re: Heimdal-Openldap how to store principals?
  - From: Jose Gonzalez Gomez <jgonzalez@opentechnet.com>

References:
- Heimdal-Openldap how to store principals?
  - From: Andrew Bacchi <bacchi@rpi.edu>
- Re: Heimdal-Openldap how to store principals?
  - From: Jose Gonzalez Gomez <jgonzalez@opentechnet.com>

Prev by Date: Re: Heimdal on MacOS X
Next by Date: Re: Heimdal-Openldap how to store principals?
Prev by thread: Re: Heimdal-Openldap how to store principals?
Next by thread: Re: Heimdal-Openldap how to store principals?
Index(es):
- Date
- Thread