We are looking to integrate Kerberos with LDAP and PAM (facilitating communication between Kerberos and LDAP using Cyrus-SASL) on Linux. On our own, and using documentation found on the web, we have managed to implement it partially.

What we have so far: A working LDAP server that we can bind to and query. A working Kerberos KDC that is issuing tickets. A PAM setup that has moved the UNIX authentication (/etc/passwd) into LDAP.

The final product would provide central user authentication (the Kerberos KDC) and user account management (LDAP), thus providing many of the services of a Windows Active Directory server.

What we are stuck on is not so much a configuration or software issue as it is a conceptual snag. Where should Kerberos tickets (and possibly keytabs) be stored to interoperate with LDAP? How is LDAP supposed to contact the KDC and receive a ticket? Is the user supposed to run kinit -f upon login?

Our company, the OIC Group, is looking for someone who really knows Kerberos and LDAP inside and out, and is willing to lend a hand, either as a consultant, or a contract system administrator. OIC is willing to pay for services rendered. Our only requirement is that the working implementation / configuration be well-documented for future reference.

Any help / direction / guidance is greatly appreciated.

James Hunt, Senior Programmer
OIC Group, Inc.
http://www.oicgroup.net/

________________________________________________
Kerberos mailing list
[EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos