"Lukas" == Lukas Kubin <[EMAIL PROTECTED]> writes:
Lukas> How complicated is it to move to Heimdal from MIT? I need Lukas> a solution to enable users' authentication to LDAP in our Lukas> network which uses MIT Kerberos 5. What do you use?
On a Debian system using the native LDAP, install libsasl2-modules-gssapi-heimdal not libsasl2-gssapi-mit. That should be all you need. You can continue using MIT for everything else.
Thank you, that's what I was looking for! I wouldn't expect it is suitable to use heimdal libraries wit MIT K5.
If I'm misremembering that you are using Debian, then you just need to build libsasl against LDAP.
If you are also using PAM, you might want libpam-heimdal not libpam-krb5.
Why. Is it related to the threading support too?
Lukas> Originally I (after I've found I can't use MIT's kerberos Lukas> with OpenLDAP) wished to try to use the krb5kdc LDAP schema Lukas> and let LDAP server to verify the password itself. However, Lukas> I found the latest versions of OpenLDAP don't support this Lukas> feature. Is there any other way? I need to resolve this Lukas> soon. But I don't know about Heimdal K5 support on
I strongly recommend against the KDC LDAP schema.
Again, thank you really much for the help. It was too painful for me to solve the problem of "falling LDAP server". And the solution is so simple ...
lukas
-- Lukas Kubin
phone: +420596398275 email: [EMAIL PROTECTED]
Information centre The School of Business Administration in Karvina Silesian University in Opava Czech Republic http://www.opf.slu.cz
smime.p7s
Description: S/MIME Cryptographic Signature
________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
