[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Solaris 10 Heimdal kerberos/ldap

I don't have either one of them working right now.  We're doing it  
sort-of by hand, and may be supporting MacOS as well if it works.

Not just different, but actually incompatible with RFC 2307?  Thanks  
for the warning.  Hopefully we're doing a sufficiently limited set of  
stuff that we can dodge whatever problems there are.  We'll see.

On Jan 26, 2007, at 11:50 AM, Howard Chu wrote:

> Henry B. Hotz wrote:
>> I just started working on this for Redhat.  Any gotcha's?  Does  
>> RedHat have ldap cacheing the way Solaris does?
>> Solaris is next.  I would think you could use ldapclient to get  
>> ldap and cacheing configured.  Then put ldap in as a source in / 
>> etc/ nsswitch.conf for whatever's appropriate.  Then put pam_krb5  
>> in the relevant pam chains.  I think there may be an account chain  
>> that should have pam_ldap instead of pam_krb5.
> Do yourself a favor and don't use Solaris ldapclient for anything.  
> Not if you already have Linux systems working with LDAP on your  
> network; the Solaris schema is incompatible with RFC2307 and just  
> about anything else. Jettison all their junk and install the PADL  
> stuff so that you'll get consistent identical behavior across Linux  
> and Solaris.
>> Simple in theory.  ;-)
>> On Dec 28, 2006, at 3:43 AM, Kent Nasveschuk wrote:
>>> Hello,
>>> Is there anyone using Heimdal Kerberos/LDAP for Solaris 10  
>>> clients? I've
>>> struggled through getting Fedora and RedHat to work with this but  
>>> I'm
>>> having problems Solaris.
>>> LDAP version 2.3.27
>>> Heimdal 0.7.2
>>> Thanks.
>>> Kent N
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu