Kerberos + LDAP question
Pascal Jakobi
2015-04-30 13:08:23 UTC
I have setup a KDC and an openldap server. Both seem to work like a
charm and are linked (krb5-server-ldap package).
Only a small issue remains. Not sure this is not a limitation in the server.

Here is what I see.

1/ If I create a principal in kadmin.local, "addprinc ***@JAKOBI.FR", the
corresponding principal is stored in the realm subtree in the directory.
2/ If I create a principal in kadmin.local with its LDAP DN, "addprinc
-x dn="uid=test2,ou=people,dc=jakobi,dc=fr" ***@JAKOBI.FR", the DN entry
is updated with the Kerberos info stuff (principal name, etc.) - which is
fine. However, the principal does not seem to be created in the directory,
but rather on the KDC.

Is this the expected behaviour?
If so, should I update the DN and the principal entry by hand in the
directory?

Thanks in advance
--
Pascal Jakobi <mailto:***@gmail.com>
116 rue de Stalingrad
93100 Montreuil, France
Tel : +33 6 87 47 58 19
_______________________________________________
krbdev mailing list ***@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
Greg Hudson
2015-04-30 16:54:46 UTC
Post by Pascal Jakobi
2/ If I create a principal in kadmin.local with its LDAP DN, "addprinc
DN entry is updated with the kerberos info stuff (principal name, etc.)
- which is fine. However, the principal does not seem to be created in
the directory, but rather on the KDC.
Sorry, I don't understand what you mean by that last part. The KDC
doesn't have any place to store principals other than in the directory,
in this configuration. What are you seeing which leads to the statement
that the principal was not created in the directory?
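One way to answer Greg's question about what the directory actually holds is to search the whole base for the principal's krbPrincipalName and see which DN carries it. The script below is an added example, not code from the thread or from MIT krb5: it classifies entries from constructed LDIF modelled on the two cases in the question, assuming the default kdb5_ldap_util realm container cn=JAKOBI.FR,cn=krbContainer,dc=jakobi,dc=fr.

```python
# Added example (not from the thread): find which LDAP entry carries a principal
# in an MIT krb5 LDAP backend, working over LDIF such as the output of
#   ldapsearch -LLL -b dc=jakobi,dc=fr '(krbPrincipalName=*)'
# The LDIF below is constructed to mirror the two cases in the question.
REALM_DN = "cn=JAKOBI.FR,cn=krbContainer,dc=jakobi,dc=fr"  # kdb5_ldap_util layout (assumed)
SAMPLE_LDIF = """\
dn: krbPrincipalName=test1@JAKOBI.FR,cn=JAKOBI.FR,cn=krbContainer,dc=jakobi,dc=fr
objectClass: krbPrincipal
objectClass: krbPrincipalAux
krbPrincipalName: test1@JAKOBI.FR
krbPrincipalKey:: AAAA

dn: uid=test2,ou=people,dc=jakobi,dc=fr
objectClass: inetOrgPerson
objectClass: krbPrincipalAux
krbPrincipalName: test2@JAKOBI.FR
krbPrincipalKey:: AAAA
"""

def parse_ldif(text):
    """Minimal LDIF reader -> list of (dn, {attr: [values]}); no line folding."""
    entries, dn, attrs = [], None, {}
    for line in text.splitlines() + [""]:
        if not line.strip():                  # blank line ends an entry
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        key, _, value = line.partition(":")
        value = value.lstrip(": ")            # also drops the '::' base64 marker
        if key == "dn":
            dn = value
        else:
            attrs.setdefault(key, []).append(value)
    return entries

def locate_principal(entries, principal, realm_dn=REALM_DN):
    """Return ('realm-subtree' | 'user-entry' | None, dn) for a principal:
    its own entry under the realm container (plain addprinc), or Kerberos
    attributes attached to an existing entry elsewhere (addprinc -x dn=...)."""
    for dn, attrs in entries:
        if principal in attrs.get("krbPrincipalName", []):
            under_realm = dn.lower().endswith("," + realm_dn.lower())
            return ("realm-subtree" if under_realm else "user-entry", dn)
    return (None, None)

if __name__ == "__main__":
    entries = parse_ldif(SAMPLE_LDIF)
    for p in ("test1@JAKOBI.FR", "test2@JAKOBI.FR", "nobody@JAKOBI.FR"):
        print(p, "->", locate_principal(entries, p))
```

With -x dn= there is deliberately no second entry under the realm subtree: the user's existing entry is the principal's only home in the directory.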