Re: [389-users] About Kerberos and dirsrv


 



Hi !!

Yes, I want to use 389ds as a backend for kerberos.

So, will everything work if I just import the schemas into 389ds?

Another question. I actually have 2 389ds configured with multimaster
replication, and on each server there is a KDC (1 master and 1 slave).

Do I have to copy the same keytab to both servers?

Do I also have to change the file /etc/sysconfig/saslauthd with these parameters?

MECH_OPTIONS=""
THREADS=5
START=yes
MECHANISMS="ldap"
OPTIONS="-m /var/run/saslauthd"

Then ... am I missing something else?

Thank you.

2011/6/15 Juan Carlos Camargo Carrillo <juancar@xxxxxxxxxx>:
> Hi,
>
> It depends. If you want to use 389ds as a Kerberos database backend then
> you should import the schema into the directory and yes, you'll need to
> create principals or modify the existing LDAP entries to accept Kerberos
> attributes, as you've said you did with openldap. I've done it with my
> 389ds lab and it works.
>
> On Wed, 15-06-2011 at 12:08 +0200, Gioachino Bartolotta wrote:
>
> Hi all,
>
> I have a problem setting up Kerberos with 389, and I tried to do it using
> the documents available on the 389 site and Red Hat.
>
> I followed everything, but I am unable to get the initial ticket from
> Kerberos. Do I have to add these records, as I have always done with
> openldap?
>
> dn: ou=KerberosPrincipals,ou=Users,dc=domain
> ou: KerberosPrincipals
> objectClass: top
> objectClass: organizationalUnit
>
> dn: krb5PrincipalName=ldapmaster/admin@DOMAIN,ou=KerberosPrincipals,ou=Users,dc=domain
> objectClass: top
> objectClass: person
> objectClass: krb5Principal
> objectClass: krb5KDCEntry
> krb5PrincipalName: ldapmaster/admin@DOMAIN
> krb5KeyVersionNumber: 1
> krb5MaxLife: 86400
> krb5MaxRenew: 604800
> krb5KDCFlags: 126
> cn: ldapmaster/admin@domain
> sn: ldapmaster/admin@domain
> userPassword: {MD5}5S2YxFmBmhF3WTbY37t5KQ==
>
> Thanks
>
>
>
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>



-- 
-------------------------------------------
Gioachino Bartolotta
ICQ #: 9103167
MSN Messenger: astraroth@xxxxxxxx
Yahoo & Skype: gioachino_bartolotta