John Robert Mendoza wrote: > Thanks for the reply Rob. > > I did manage to solve the error by changing the permissions on the > ds.keytab file. > > I can finally do ldapsearch with gssapi. BTW, I was just wondering, > would there be any way i can make ldap as the database for the kerberos > principals. > > Isn't it that when get a ticket from kerberos it supposed to look into > ldap for its principals? Yes, MIT kerberos has an LDAP backend that you can use. You might want to look into the IPA project at http://www.freeipa.org/ This is exactly what it does (among other things). It might give you some pointers how to configure things at a minimum. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20090720/d4f23974/attachment.bin
