MIT Kerberos, Smaba 3x and OpenLDAP Integration

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

MIT Kerberos, Smaba 3x and OpenLDAP Integration

Vinayak Hegde
 Here is the requirement from the Samba 3.x, OpenLDAP and
MIT Kerberos integration to provide a single sign on:

 The MIT Kerberos will soon have OpenLDAP pulug-in under
DAL (Database Abstraction Layer), so that the principal and the
related information can be stored on OpenLDAP.

 If the same site has the Samba 3.x providing services for both
Linux and Windows users, having OpenLDAP as the data store,
then Kerberos and Samba will maintain different set of information
corresponding to the application, which are not integrated.

Following are the overheads:
i) the user will have to remember password for each of the
ii) the administrator will have to administer the account and
 password policies of the same user separately for the respective

In such a case, if we provide an integration between Samba users
and MIT Kerberos users to have LDAP user password as the
common password  it would mean single sign on.

Additionally we can integrate the policies between MIT Kerberos
 and Samba to tighten the account and password policy

Any comments?

krbdev mailing list             [hidden email]