[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Question on using ldap as password database for heimdal

To: jay alvarez <kerber0sb0y@yahoo.com>
Subject: Re: Question on using ldap as password database for heimdal
From: Love Hörnquist Åstrand <lha@kth.se>
Date: Tue, 19 Jul 2005 13:49:40 +0200
Cc: heimdal-discuss@sics.se
In-Reply-To: <20050713080604.52896.qmail@web32413.mail.mud.yahoo.com> (jayalvarez's message of "Wed, 13 Jul 2005 01:06:04 -0700 (PDT)")
References: <20050713080604.52896.qmail@web32413.mail.mud.yahoo.com>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (berkeley-unix)

jay alvarez <kerber0sb0y@yahoo.com> writes:

> does it mean that my whole ldap directory will
> be encrypted too because of the way kerberos stores
> user credentials?

If you have a master key, the keys will be encrypted (but no other data of
the kerbero data). 

You must set you ACL's right in the ldapserver so only the KDC can access
the kerberos bits. You should check your ldap server documentation, and the
setup documentation in the heimdal info-tree (available on web from heimdal
website).

Love

PGP signature

References:
- Question on using ldap as password database for heimdal
  - From: jay alvarez <kerber0sb0y@yahoo.com>

Prev by Date: Re: kxd bug?
Next by Date: Re: HDB layer ideas
Prev by thread: Question on using ldap as password database for heimdal
Next by thread: you won`t believe your eyes Nathaniel
Index(es):
- Date
- Thread