Montag, Oktober 20, 2008

Krb5 und LDAP

MIT Kerberos 1.6.3 The Rough Guide to configuring a Solaris KDC to use a LDAP DS for the KDB
# The KDC normally reads /etc/krb5kdc/kdc.conf; replacing it with a symlink
# keeps the KDC-side sections ([kdcdefaults], [dbmodules], [logging], ...)
# and the client-side sections in the single /etc/krb5.conf shown below.
# rm /etc/krb5kdc/kdc.conf
# ln -s /etc/krb5.conf /etc/krb5kdc/kdc.conf
--- /etc/krb5.conf ---
[kdcdefaults]
# 88 is the standard Kerberos V port; 750 is the legacy Kerberos V4 port,
# matching the krb4_* settings and des:v4 key salt further down.
kdc_ports = 750,88
[libdefaults]
default_realm = PATRICK-PREUSS.DE
# NOTE(review): des-cbc-crc is single DES, a weak legacy cipher. It is used
# throughout this file (session keys, ticket keys, master key) apparently for
# Kerberos V4 compatibility; where V4 interop is not required, prefer an AES
# enctype and keep DES out of default_tgs_enctypes / default_tkt_enctypes.
default_tgs_enctypes = des-cbc-crc
default_tkt_enctypes = des-cbc-crc
[realms]
PATRICK-PREUSS.DE = {
kdc = moria
admin_server = moria
# kadm5.acl lists which principals may administer the database via kadmind.
acl_file = /etc/krb5kdc/kadm5.acl
# Selects the [dbmodules] entry below, i.e. the LDAP backend for this realm.
database_module = openldap_ldapconf
default_domain = patrick-preuss.de
# NOTE(review): the master key that protects every principal key in the DS
# is itself DES here; treat the stash created by 'create -s' below accordingly.
master_key_type = des-cbc-crc
# enctype:salt pairs new principal keys are generated with; the des:v4,
# des:norealm, des:onlyrealm and des:afs3 salts exist for V4/AFS clients.
supported_enctypes = des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
}
[domain_realm]
.patrick-preuss.de = PATRICK-PREUSS.DE
patrick-preuss.de = PATRICK-PREUSS.DE
[login]
# Kerberos V4 ticket handling for login; V4 support is the reason DES is
# still enabled above.
krb4_convert = true
krb4_get_tickets = false
[kdc]
# NOTE(review): a "[kdc] database = { dbname = ... }" block looks like Heimdal
# kdc syntax rather than MIT krb5; MIT selects the backend through
# database_module / [dbmodules] instead. Confirm this block is not a leftover.
database = {
dbname = ldap:ou=Kerberos,dc=patrick-preuss,dc=de
}
[dbdefaults]
ldap_kerberos_container_dn = cn=Kerberos,dc=patrick-preuss,dc=de
database_module = openldap_ldapconf
[dbmodules]
openldap_ldapconf = {
db_library = kldap
ldap_kerberos_container_dn = cn=Kerberos,dc=patrick-preuss,dc=de
# DN the KDC binds as. This object needs to have read rights on
# the realm container, principal container and realm sub-trees.
# It should not be able to write: a KDC compromise then cannot alter the KDB.
ldap_kdc_dn = "cn=kdc-service,ou=ITAccounts,dc=patrick-preuss,dc=de"
# DN kadmind binds as. This object needs to have read and write rights on
# the realm container, principal container and realm sub-trees.
ldap_kadmind_dn = "cn=kdc-adm-service,ou=ITAccounts,dc=patrick-preuss,dc=de"
# Holds the LDAP bind passwords for the two DNs above (written by the
# 'kdb5_ldap_util stashsrvpw' commands at the end). Readable only by the
# KDC/kadmind user (mode 0600): whoever reads it can bind as kdc-adm-service.
ldap_service_password_file = /etc/krb5kdc/service.keyfile
# NOTE(review): plain ldap:// carries the bind credentials and principal key
# material without TLS. Presumably moria is the KDC host itself (kdc = moria
# above); if the DS is ever remote, use ldaps:// or ldapi:// - confirm.
ldap_servers = ldap://moria
ldap_conns_per_server = 5
}
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
--- /etc/krb5.conf ---
# NOTE(review): '-w "somethingsecret"' passes the directory-manager bind
# password on the command line, where it shows up in ps output and shell
# history. Omitting -w makes kdb5_ldap_util prompt for it instead.
# 'create -s' builds the realm/principal containers under the given subtree
# and stashes the master key locally.
# kdb5_ldap_util -D "cn=Patrick Marc Preuss,ou=People,dc=patrick-preuss,dc=de" -w "somethingsecret" create -subtrees dc=patrick-preuss,dc=de -r PATRICK-PREUSS.DE -s
# 'stashsrvpw -f FILE DN' records the bind password of DN in the
# ldap_service_password_file configured above (it prompts for that password).
# kdb5_ldap_util -H ldap://moria -D "cn=Patrick Marc Preuss,ou=People,dc=patrick-preuss,dc=de" -w "somethingsecret" stashsrvpw -f /etc/krb5kdc/service.keyfile "cn=kdc-adm-service,ou=ITAccounts,dc=patrick-preuss,dc=de"
# kdb5_ldap_util -H ldap://moria -D "cn=Patrick Marc Preuss,ou=People,dc=patrick-preuss,dc=de" -w "somethingsecret" stashsrvpw -f /etc/krb5kdc/service.keyfile "cn=kdc-service,ou=ITAccounts,dc=patrick-preuss,dc=de"
# Service principals for kadmind (kadmin/<host>) and the password-change
# service (changepw/<host>), one per name the host is reached by.
# kadmin.local -q 'addprinc kadmin/moria'
# kadmin.local -q 'addprinc kadmin/moria.local'
# kadmin.local -q 'addprinc kadmin/moria.patrick-preuss.de'
# kadmin.local -q 'addprinc changepw/moria'
# kadmin.local -q 'addprinc changepw/moria.local'
# kadmin.local -q 'addprinc changepw/moria.patrick-preuss.de'
