[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

which Kerberos implementation?

On Sat, Apr 24, 2010 at 09:52:49PM +0200, Petter Reinholdtsen wrote:
> [Petter Reinholdtsen]
> Not sure which Kerberos implementation we should use.  Reading
> <URL: http://grep.be/blog/en/lazyweb/re_kerberos_ldap > make me
> suspect Heimdal Kerberos might be a better choice than MIT Kerberos,
> as it has had support for storing principals in LDAP for a long time.

I am just looking at http://www.h5l.org/manual/HEAD/info/heimdal/Using-LDAP-to-store-the-database.html#Using-LDAP-to-store-the-database 

and there it states:

Since Heimdal talks to the LDAP server over a UNIX domain socket, and
uses external sasl authentication, it's not possible to require
security layer quality (ssf in cyrus-sasl lingo). So that requirement
has to be turned off in OpenLDAP slapd configuration file slapd.conf.

Does this mean we can't split ldap-server and kdc-server? Or is this a
bad idea anyway? 


Reply to: