[CentOS] Storing Kerberos database in OpenLDAP

Miguel Di Ciurcio Filho miguel at ic.unicamp.br
Fri Sep 25 13:25:06 UTC 2009


Dan Burkland wrote:
> Hi all,
> 
> I have created a project for myself in that I would like to store an MIT 
> Kerberos database inside LDAP (Using OpenLDAP). I have found some 
> relevant results but most of them are extremely outdated and unreliable. 
> I did however recently find an article for Ubuntu that was up to date 
> however it wasn’t focused on CentOS/Red Hat-based distros. Has anybody 
> found something like this 
> https://help.ubuntu.com/9.04/serverguide/C/kerberos-ldap.html in regards 
> to the topic discussed earlier?

It is not a good idea to do that IMHO for the following reasons:

1) You have to rebuild the MIT Kerberos packages to enable the LDAP backend.

2) The MIT Kerberos LDAP backend on version 1.6 (shipped on CentOS) is 
considered not mature.

3) If your LDAP server is compromised (by a bug in OpenLDAP or something 
else) all password hashes could be exposed.

The Heimdal Kerberos seems to have a much more mature LDAP backend 
(that's why Samba merged Heimdal on Samba4 I suppose) but it is not 
packaged by Red Hat and I have no experience with it.

Regards,

Miguel
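
A defensive complement to point 3, added here as an example and not something from the thread: if the MIT LDAP backend is used anyway, slapd's ACLs can deny every bind except the KDC's and kadmind's own service DNs any access to the key attributes defined in MIT's kerberos.schema. The suffix, the container DN and the two service DNs below are assumed placeholders.

```conf
# Added example slapd.conf ACL fragment (not from the thread). The suffix,
# container and service DNs are assumed placeholders; krbPrincipalKey and
# krbExtraData are the attribute names from MIT Kerberos' kerberos.schema.
#
# slapd evaluates "access to" rules in order and stops at the first match,
# so these must appear before any broader "access to *" rule.

# Key material: only the KDC (reads keys) and kadmind (writes them) may
# touch it. "by * none" also hides the attribute from searches and
# compares, so an ordinary or anonymous bind cannot enumerate it.
access to attrs=krbPrincipalKey,krbExtraData
    by dn.exact="cn=kdc-service,dc=example,dc=com" write
    by dn.exact="cn=adm-service,dc=example,dc=com" write
    by * none

# The principal entries themselves: same two DNs, nobody else. This keeps
# realm layout and principal names out of reach of other directory users.
access to dn.subtree="cn=krbContainer,dc=example,dc=com"
    by dn.exact="cn=kdc-service,dc=example,dc=com" write
    by dn.exact="cn=adm-service,dc=example,dc=com" write
    by * none
```

To check the rule, bind as an ordinary user with ldapsearch against a principal entry and confirm that neither the entry nor krbPrincipalKey is returned; only the two service DNs should see them. The service DNs' bind credentials then become the secret that protects the realm and need the same care as the KDC stash file.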
