Hello,

On Wed, Apr 15, 2020 at 12:23 PM Dan Mahoney (Gushi)
<d...@prime.gushi.org> wrote:
> I may have asked this in the past, but I'll ask it again since LDAP came
> up.  We have an existing Kerberos domain, but we don't use LDAP at all (we
> just use Puppet to handle things like user creation on servers).
>
> Specifically, we don't do Active Directory for any client workstations and
> don't run Windows in general -- our users own their own machines, so
> there's no tie-in.  It's hundreds of servers, probably ~30 users.
>
> I see a way to do Kerberos with an LDAP backend, but not the opposite.
> I'd like to "Add" OpenLDAP to my existing KDC, or deploy OpenLDAP but have
> it use the KDB for authentication.  (Where OpenLDAP would continue to do
> "authorization", but some machines would be Kerberos-only and have no
> dependence on any LDAP systems).  I don't want to have to re-key hundreds
> of systems.

Sorry, I don't understand what you mean by "add OpenLDAP to existing
KDC". You can add the OpenLDAP service to your Kerberos realm and have
your users authenticate against your OpenLDAP server using Kerberos,
just like any other kerberized service.
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
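
The arrangement the reply describes, sketched as an added example that is not part of the original thread: slapd gets its own service principal in the existing realm, and a cn=config change maps Kerberos identities to directory entries. The realm EXAMPLE.COM, the host ldap.example.com, the keytab path and the dc=example,dc=com tree are all placeholder assumptions.

```ldif
# Added example, constructed placeholders throughout.
#
# Step 1 (on the existing KDC, MIT kadmin): create one new service
# principal for slapd and export its key. Existing host and user
# principals are not modified, so nothing already deployed is re-keyed.
#   kadmin: addprinc -randkey ldap/ldap.example.com
#   kadmin: ktadd -k /etc/ldap/ldap.keytab ldap/ldap.example.com
# Make the keytab readable only by the slapd user and point slapd at it,
# for example through the KRB5_KTNAME environment variable.
#
# Step 2: apply this file as the local admin, for example
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f sasl-gssapi.ldif
dn: cn=config
changetype: modify
replace: olcSaslHost
olcSaslHost: ldap.example.com
-
replace: olcAuthzRegexp
# A GSSAPI bind as alice@EXAMPLE.COM reaches slapd as the SASL identity
#   uid=alice,cn=example.com,cn=gssapi,cn=auth
# and the first rule rewrites it to the entry used for authorization.
# [^,/]+ deliberately rejects instance principals such as alice/admin,
# so only plain user principals are mapped to ou=people.
olcAuthzRegexp: {0}uid=([^,/]+),cn=example.com,cn=gssapi,cn=auth uid=$1,ou=people,dc=example,dc=com
# Depending on realm configuration, slapd may omit the realm component;
# the second rule covers that form.
olcAuthzRegexp: {1}uid=([^,/]+),cn=gssapi,cn=auth uid=$1,ou=people,dc=example,dc=com
#
# Step 3 (from a client holding a ticket from kinit): confirm the mapping.
#   ldapwhoami -Y GSSAPI -H ldap://ldap.example.com
# The reported identity should be the mapped DN, not the cn=auth form.
```

Password verification stays entirely in the KDC here; the directory entries need no userPassword attribute, and access control is written against the mapped DNs.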
