On Sat, Apr 24, 2010 at 09:52:49PM +0200, Petter Reinholdtsen wrote: > [Petter Reinholdtsen] > Not sure which Kerberos implementation we should use. Reading > <URL: http://grep.be/blog/en/lazyweb/re_kerberos_ldap > make me > suspect Heimdal Kerberos might be a better choice than MIT Kerberos, > as it has had support for storing principals in LDAP for a long time.
I am just looking at http://www.h5l.org/manual/HEAD/info/heimdal/Using-LDAP-to-store-the-database.html#Using-LDAP-to-store-the-database and there it states: [...] Since Heimdal talks to the LDAP server over a UNIX domain socket, and uses external sasl authentication, it's not possible to require security layer quality (ssf in cyrus-sasl lingo). So that requirement has to be turned off in OpenLDAP slapd configuration file slapd.conf. [...] Does this mean we can't split ldap-server and kdc-server? Or is this a bad idea anyway? Cheers Andi -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100501162306.ga9...@flashgordon