Dan Burkland wrote:
Hi all,I have created a project for myself in that I would like to store an MIT Kerberos database inside LDAP (Using OpenLDAP). I have found some relevant results but most of them are extremely outdated and unreliable. I did however recently find an article for Ubuntu that was up to date however it wasn’t focused on CentOS/Red hat-based distros. Has anybody found something like this https://help.ubuntu.com/9.04/serverguide/C/kerberos-ldap.html in regards to the topic discussed earlier?
It is not a good idea to do that IMHO for the following reasons: 1) You have do rebuild the MIT Kerberos packages to enable the LDAP backend.2) The MIT Kerberos LDAP backend on version 1.6 (shipped on CentOS) is considered not mature.
3) If your LDAP server is compromised (by a bug on OpenLDAP or something else) all password's hashes could be exposed.
The Heimdal Kerberos seams to have a much more mature LDAP backend (that's why Samba merged Heimdal on Samba4 I suppose) but it is not packaged by Red Hat and I have no experience with it.
Regards, Miguel
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
