Re: Kerberos authenticatino and ldap authorization

On Tue, Mar 06, 2007 at 10:07:57AM -0700, RJ45 wrote:
for example I would like to installa MIT krb5 implementation from ports
instead of using heidmal default this because the kerberos server
on my network is a MIT server and I can't use kadmin on FreeBSD
to administrer the kerberos server remotely using heidmal implementation.
Anyone has experience of MIT krb5 implementation on FreeBSD ?

The handbook has a chapter on setting up Kerberos, albeit focused on Heimdal.
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kerberos5.html

In section 14.8.6 it notes that the kadmin protocol differs between
Kerberos implementations -- you have to use the MIT kadmin to administer
a remote MIT KDC.

Other than the kadmin bits (which are fairly different between the two
but isn't used by end-users anyway), it's pretty much transparent to a
Kerberos-enabled workstation which implementation it's using. I
typically install both (to different paths to avoid file conflicts)
because I like using the newest Heimdal rather than the one in base and
also because the included client applications differ. For example, MIT
has Kerberos rsh whereas the base Heimdal doesn't for some of the
platforms that I use.

If you run into any specific issues when setting it up, please post back
to the list and cc me and I'll give you a hand.

-T


--
"I once bought a cellphone that had a little sticker on the box that said
'DO NOT EAT PACKAGING MATERIAL'. There went another freebie snack at the
office."
- A.S.R. quote (Andreas "Buzh" Skau)
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"

Relevant Pages

  • Re: Kerberos authenticatino and ldap authorization
    ... on FreeBSD handbook but it does not helped me so much I Still ahve difficulties. ... I isntalled MIT krb5 also and I Am using kadmin from MIT ... I am not able to configure ssh to login via kerberos. ...
    (freebsd-questions)
  • Re: NIS => Kerberos/LDAP Migration
    ... and we use MIT Kerberos on Linux. ... heimdal-dev is installed, but won't compile when krb5-dev is installed. ... My thoughts on why it is not working is that the kadmin protocols from ...
    (comp.protocols.kerberos)
  • Re: Windows 2008 Trust To MIT Kerberos Server
    ... Windows then obtains a service ticket from the MIT realm with the forwarded and forwardable flags set ... With that TGT from the MIT realm, Windows is now able to obtain an LDAP service ticket from Active Directory ... I'm not a Kerberos expert like some, but I'm fairly sure this is a pretty accurate representation of how this process works. ... I have setup a trust between an Active Directory Domain and a MIT Kerberos Domain. ...
    (microsoft.public.windows.server.active_directory)
  • CentOS attempting to set up Kerberos 5-tickets created & destroyed successfully, now an issu
    ... FAQs that I've used on previous failed attempts to get kerberos ... Next is to create a host principal for my Ubuntu machine stored on the ... When I execute 'kadmin addprinc -randkey host/blah.example.com' I ... doesn't work I'm ready to tackle BIND in order to get this WAN ...
    (comp.os.linux.misc)
  • CentOS attempting to set up Kerberos 5-tickets created & destroyed successfully, now an issu
    ... FAQs that I've used on previous failed attempts to get kerberos ... Next is to create a host principal for my Ubuntu machine stored on the ... When I execute 'kadmin addprinc -randkey host/blah.example.com' I ... doesn't work I'm ready to tackle BIND in order to get this WAN ...
    (comp.os.linux.security)