Dan Burkland wrote:
> Hi all,
>
> I have created a project for myself in that I would like to store an MIT
> Kerberos database inside LDAP (Using OpenLDAP). I have found some
> relevant results but most of them are extremely outdated and unreliable.
> I did however recently find an article for Ubuntu that was up to date
> however it wasn’t focused on CentOS/Red Hat-based distros. Has anybody
> found something like this
> https://help.ubuntu.com/9.04/serverguide/C/kerberos-ldap.html in regards
> to the topic discussed earlier?

It is not a good idea to do that IMHO for the following reasons:

1) You have to rebuild the MIT Kerberos packages to enable the LDAP backend.
2) The MIT Kerberos LDAP backend on version 1.6 (shipped on CentOS) is considered not mature.
3) If your LDAP server is compromised (by a bug on OpenLDAP or something else) all password hashes could be exposed.

The Heimdal Kerberos seems to have a much more mature LDAP backend (that's why Samba merged Heimdal on Samba4 I suppose) but it is not packaged by Red Hat and I have no experience with it.

Regards,
Miguel