[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Using other than OpenLDAP


I'm an absolute newbie to kerberos trying to see how to fit it into our
network and existing authentication schemes.  Currently, LDAP represents
the backend store for all passwords and users are authenticated against
the LDAP server.  Maintenance of the LDAP user/password data is built into
our account management software, and numerous not-easily-kerberizable
applications will continue to depend on it.  The potential issue here is
that the sever in question is the iPlanet server, not OpenLDAP.  The other
issue is passwords which are already encrypted on the iPlanet server.

Can I use iPlanet?  Also, looking at the krb5-kdc.schema, I don't see an
obvious place for user passwords.  I presume that the krb5PrincipalName
attribute would hold the id of a user, but it's not obviously a DN, so I'm
not sure how all the LDAP pieces even connect.

Any pointers would be greatly appreciated.

Rob Tanner
UNIX Service Manager
Linfield College
McMinnville, Oregon