
Heimdal with openldap-backend

Hi everybody,

This is not only a Heimdal problem, but maybe also an OpenLDAP problem.
I hope you don't mind, but I don't know whom to ask ...

My configuration :

Suse LINUX 8.2
Kernel 2.4.24

The problem :

I try to use openldap-2.2.4 as backend for heimdal, like Luke Howard
from PADL described it on the PADL-site.

Now all Kerberos/LDAP daemons are started
(the Heimdal log says: Feb  5 20:27:19 Pentium200 kadmind[2227]: bind: 
/var/heimdal/kdc.conf:0: cannot open file - What's this?)
and I have come to the point of initializing Heimdal.

First I run kstash - without problems.

Then I try kadmin; here's what it says:

Pentium200:/usr/local/heimdal-0.6/sbin # ./kadmin -l
kadmin> init HRNET.DE
Realm max ticket life [unlimited]:
Realm max renewable ticket life [unlimited]:
kadmin: kadm5_create_principal: ldap_add_s: Strong(er) authentication
Pentium200:/usr/local/heimdal-0.6/sbin #

Too bad. What stronger authentication does it mean, and where do I configure it?

Here is my /etc/krb5 :

[libdefaults]
     default_realm = HRNET.DE
     clockskew = 300
     v4_instance_resolve = false
     v4_name_convert = {
         host = {
             rcmd = host
             ftp = ftp
         }
         plain = {
             something = something-else
         }
     }
     # Set this to false to disable MIT krb5 compatibility
     # in GSSAPI get_mic/verify_mic, and become compatible
     # with older Heimdal releases instead.
     gss_mit_compat = true

[realms]
     HRNET.DE = {
         kdc            = pentium200.hrnet.de
         kpasswd_server = pentium200.hrnet.de
         admin_server   = pentium200.hrnet.de
     }

[domain_realm]
     .my.domain = HRNET.DE

[kdc]
     database = {
         dbname = ldap:ou=KerberosPrincpals,dc=hrnet,dc=de
         mkey_file = /var/heimdal/m-key
     }

In slapd.conf I inserted the following lines:
access to *
         by sockurl="^ldapi:///$" write

So, where's the mistake?

If more information is needed, I'll give it to you ...

greets Harry