Re: Solaris 10 Heimdal kerberos/ldap
I don't have either one of them working right now. We're doing it
sort-of by hand, and may be supporting MacOS as well if it works.
Not just different, but actually incompatible with RFC 2307? Thanks
for the warning. Hopefully we're doing a sufficiently limited set of
stuff that we can dodge whatever problems there are. We'll see.
On Jan 26, 2007, at 11:50 AM, Howard Chu wrote:
> Henry B. Hotz wrote:
>> I just started working on this for Redhat. Any gotchas? Does
>> RedHat have ldap caching the way Solaris does?
>>
>> Solaris is next. I would think you could use ldapclient to get
>> ldap and caching configured. Then put ldap in as a source in
>> /etc/nsswitch.conf for whatever's appropriate. Then put pam_krb5
>> in the relevant pam chains. I think there may be an account chain
>> that should have pam_ldap instead of pam_krb5.
>
> Do yourself a favor and don't use Solaris ldapclient for anything.
> Not if you already have Linux systems working with LDAP on your
> network; the Solaris schema is incompatible with RFC2307 and just
> about anything else. Jettison all their junk and install the PADL
> stuff so that you'll get consistent identical behavior across Linux
> and Solaris.
>>
>> Simple in theory. ;-)
>>
>> On Dec 28, 2006, at 3:43 AM, Kent Nasveschuk wrote:
>>
>>> Hello,
>>> Is there anyone using Heimdal Kerberos/LDAP for Solaris 10
>>> clients? I've struggled through getting Fedora and RedHat to
>>> work with this but I'm having problems with Solaris.
>>>
>>> LDAP version 2.3.27
>>> Heimdal 0.7.2
>>>
>>> Thanks.
>>>
>>> Kent N
------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu