Thanks Rob. I have looked into the Free IPA project and somehow I just want to setup Kerberos 1.6 with its principal database in FDS 1.2.0. Isnt it that when I add an entry to the FDS and try to kinit with the name of the entry i just added, is kerberos supposed to give me a ticket? John Robert Mendoza --- On Tue, 7/21/09, Rob Crittenden <rcritten at redhat.com> wrote: From: Rob Crittenden <rcritten at redhat.com> Subject: Re: [389-users] MIT Kerberos and FDS integration To: "General discussion list for the 389 Directory server project." <fedora-directory-users at redhat.com> Date: Tuesday, 21 July, 2009, 10:33 AM John Robert Mendoza wrote: > Thanks for the reply Rob. > > I did manage to solve the error by changing the permissions on the ds.keytab file. > > I can finally do ldapsearch with gssapi.? BTW, I was just wondering, would there be any way i can make ldap as the database for the kerberos principals. > > Isn't it that when get a ticket from kerberos it supposed to look into ldap for its principals? Yes, MIT kerberos has an LDAP backend that you can use. You might want to look into the IPA project at http://www.freeipa.org/ This is exactly what it does (among other things). It might give you some pointers how to configure things at a minimum. rob -----Inline Attachment Follows----- -- 389 users mailing list 389-users at redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users Connect instantly with more friends on your blog and personal website? Create your latest Pingbox today! http://ph.messenger.yahoo.com/pingbox -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20090721/17ddfef8/attachment.html
