Re: Storing Kerberos database in OpenLDAP




Dan Burkland wrote:
> Hi all,
>
> I have created a project for myself in that I would like to store an MIT Kerberos database inside LDAP (using OpenLDAP). I have found some relevant results, but most of them are extremely outdated and unreliable. I did, however, recently find an article for Ubuntu that was up to date; however, it wasn’t focused on CentOS/Red Hat-based distros. Has anybody found something like this https://help.ubuntu.com/9.04/serverguide/C/kerberos-ldap.html in regards to the topic discussed earlier?

It is not a good idea to do that IMHO for the following reasons:

1) You have to rebuild the MIT Kerberos packages to enable the LDAP backend.

2) The MIT Kerberos LDAP backend on version 1.6 (shipped on CentOS) is considered not mature.

3) If your LDAP server is compromised (by a bug in OpenLDAP or something else), all password hashes could be exposed.

Heimdal Kerberos seems to have a much more mature LDAP backend (that's why Samba merged Heimdal into Samba4, I suppose), but it is not packaged by Red Hat and I have no experience with it.

Regards,

Miguel


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
