Re: [Kerberos] Kerberos + OpenLDAP

2007-03-06 Thread Quanah Gibson-Mount
--On Tuesday, March 06, 2007 10:43 AM -0500 Jeffrey Hutzelman [EMAIL PROTECTED] wrote: On Thursday, March 01, 2007 03:22:55 PM -0800 Enrique Rodriguez [EMAIL PROTECTED] wrote: On 3/1/07, Sam Hartman [EMAIL PROTECTED] wrote: 1) I'd really like to see interested individuals work on the

Re: [Kerberos] Kerberos + OpenLDAP

2007-03-02 Thread g . w
On Mar 1, 11:45am, Alex Karasulu wrote: } Subject: Re: [Kerberos] Kerberos + OpenLDAP Hi Greg, Hi Alex, hope the day is going well for you. [EMAIL PROTECTED] wrote: Use 'ldap' for LDAP: krb5PrincipalName: ldap/[EMAIL PROTECTED] Although this is the attribute I use for my

Re: [Kerberos] Kerberos + OpenLDAP

2007-03-02 Thread Enrique Rodriguez
On 3/2/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: ... For ADS to get 'real' as a Kerberos implementation there will be some issues which need to be addressed. Our work on an LDAP interface for an MIT/KDC has to address some of the some issues your work does so I hope to feedback the results

Re: [Kerberos] Kerberos + OpenLDAP

2007-03-02 Thread g . w
On Mar 1, 5:10pm, Sam Hartman wrote: } Subject: Re: [Kerberos] Kerberos + OpenLDAP Good evening, I hope the week has gone well for everyone. 1) I'd really like to see interested individuals work on the LDAP schema in the IETF. The effort has floundered for lack of people driving

Re: [Kerberos] Kerberos + OpenLDAP

2007-03-01 Thread Alex Karasulu
Hi Greg, On 3/1/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: On Feb 28, 1:21pm, Apache Directory Developers List wrote: } Subject: Re: [Kerberos] Kerberos + OpenLDAP Good evening to everyone. Good morning to you. --On Tuesday, February 27, 2007 6:34 PM -0800 Enrique Rodriguez [EMAIL

Re: [Kerberos] Kerberos + OpenLDAP

2007-03-01 Thread Quanah Gibson-Mount
--On Thursday, March 01, 2007 12:09 AM -0600 [EMAIL PROTECTED] wrote: On Feb 28, 1:21pm, Apache Directory Developers List wrote: } Subject: Re: [Kerberos] Kerberos + OpenLDAP Good evening to everyone. --On Tuesday, February 27, 2007 6:34 PM -0800 Enrique Rodriguez [EMAIL PROTECTED] wrote

Re: [Kerberos] Kerberos + OpenLDAP

2007-03-01 Thread Alex Karasulu
+1 to that! On 3/1/07, Quanah Gibson-Mount [EMAIL PROTECTED] wrote: --On Thursday, March 01, 2007 12:09 AM -0600 [EMAIL PROTECTED] wrote: On Feb 28, 1:21pm, Apache Directory Developers List wrote: } Subject: Re: [Kerberos] Kerberos + OpenLDAP Good evening to everyone. --On Tuesday

Re: [Kerberos] Kerberos + OpenLDAP

2007-03-01 Thread Sam Hartman
1) I'd really like to see interested individuals work on the LDAP schema in the IETF. The effort has floundered for lack of people driving it. 2) I'd really love to see an ldap plugin that used some schema and called kadm5_* interfaces--I.E. a way to replace kadmind with openldap even in

Re: [Kerberos] Kerberos + OpenLDAP

2007-03-01 Thread Alex Karasulu
I think we could easily achieve #2 with ApacheDS using an interceptor. Alex On 3/1/07, Sam Hartman [EMAIL PROTECTED] wrote: 1) I'd really like to see interested individuals work on the LDAP schema in the IETF. The effort has floundered for lack of people driving it. 2) I'd really love to see

Re: [Kerberos] Kerberos + OpenLDAP

2007-03-01 Thread Enrique Rodriguez
On 3/1/07, Sam Hartman [EMAIL PROTECTED] wrote: 1) I'd really like to see interested individuals work on the LDAP schema in the IETF. The effort has floundered for lack of people driving it. 2) I'd really love to see an ldap plugin that used some schema and called kadm5_* interfaces--I.E. a

Re: [Kerberos] Kerberos + OpenLDAP

2007-02-28 Thread Quanah Gibson-Mount
--On Tuesday, February 27, 2007 6:34 PM -0800 Enrique Rodriguez [EMAIL PROTECTED] wrote: On 2/27/07, Mark Wilcox [EMAIL PROTECTED] wrote: I have a quick question. Did you use the example Kerberos entries that come with ApacheDS or are there example entries posted elsewhere? I didn't see

Re: [Kerberos] Kerberos + OpenLDAP

2007-02-28 Thread g . w
On Feb 28, 1:21pm, Apache Directory Developers List wrote: } Subject: Re: [Kerberos] Kerberos + OpenLDAP Good evening to everyone. --On Tuesday, February 27, 2007 6:34 PM -0800 Enrique Rodriguez [EMAIL PROTECTED] wrote: Use 'ldap' for LDAP: krb5PrincipalName: ldap/[EMAIL PROTECTED

[Kerberos] Kerberos + OpenLDAP

2007-02-27 Thread Enrique Rodriguez
Hi, Directory developers, As part of documenting practical uses of Apache Directory for Kerberos authentication, I got Kerberos authentication to OpenLDAP working. This uses the SASL+GSS-API+Kerberos V5 mechanism. The three-headed Kerberos setup I tested was (1) OpenLDAP clients (2) OpenLDAP

Re: [Kerberos] Kerberos + OpenLDAP

2007-02-27 Thread Alex Karasulu
Would be nice to get SASL setup for Apache Directory. Any idea if that's possible soon? Alex On 2/27/07, Enrique Rodriguez [EMAIL PROTECTED] wrote: Hi, Directory developers, As part of documenting practical uses of Apache Directory for Kerberos authentication, I got Kerberos authentication

Re: [Kerberos] Kerberos + OpenLDAP

2007-02-27 Thread Enrique Rodriguez
On 2/27/07, Alex Karasulu [EMAIL PROTECTED] wrote: Would be nice to get SASL setup for Apache Directory. Any idea if that's possible soon? Yes, I think so. I'll put some more time into it this weekend. I'll go ahead and assign DIRSERVER-277 and DIRSERVER-278 to myself. Once GSSAPI is

Re: [Kerberos] Kerberos + OpenLDAP

2007-02-27 Thread Mark Wilcox
I have a quick question. Did you use the example Kerberos entries that come with ApacheDS or are there example entries posted elsewhere? I didn't see them on the Wiki docs. Thanks, Mark

Re: [Kerberos] Kerberos + OpenLDAP

2007-02-27 Thread Enrique Rodriguez
On 2/27/07, Mark Wilcox [EMAIL PROTECTED] wrote: I have a quick question. Did you use the example Kerberos entries that come with ApacheDS or are there example entries posted elsewhere? I didn't see them on the Wiki docs. No, I haven't posted them yet. This is pretty alpha, which is why I