>>>>> "Lukas" == Lukas Kubin <[EMAIL PROTECTED]> writes:
Lukas> How complicated is it to move to Heimdal from MIT? I need
Lukas> a solution to enable users' authentication to LDAP in our
Lukas> network which uses MIT Kerberos 5. What do you use?
On a Debian system using the native LDAP, install
libsasl2-modules-gssapi-heimdal not libsasl2-gssapi-mit. That should
be all you need. You can continue using MIT for everything else.
If I'm misremembering that you are using Debian, then you just need to build libsasl
against LDAP.
If you are also using PAM, you might want libpam-heimdal not
libpam-krb5.
Lukas> Originally I (after I've found I can't use MIT's kerberos
Lukas> with OpenLDAP) wished to try to use the krb5kdc LDAP schema
Lukas> and let LDAP server to verify the password itself. However,
Lukas> I found the latest versions of OpenLDAP don't support this
Lukas> feature. Is there any other way? I need to resolve this
Lukas> soon. But I don't know about Heimdal K5 support on
I strongly recommend against the KDC LDAP schema.
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
