On Mon, Jan 07, 2019 at 04:18:36PM -0500, vadud3@gmail.com wrote:
> I am using openldap proxy today with ldap backend.
> Any suggestions on how to use kerberos as the backend?
Kerberos only has information necessary for authentication, like principals and policies. LDAP stores much more, such as group memberships, numerical uids, home directories, etc. So normally people use both LDAP and Kerberos, not Kerberos alone. There are 3 ways that Kerberos and LDAP can work together:
1. LDAP can use Kerberos to authenticate (bind) access
2. LDAP can forward authentication requests to Kerberos via SASL
3. Kerberos can use LDAP as a database backend
In my organization we are using 1 and 2, but not 3. I think Microsoft AD also does something similar under the hood.
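
For way 2, OpenLDAP marks a pass-through account with a `{SASL}user@REALM` value in `userPassword`. The added example below (not part of the original message) audits an LDIF export to show which entries delegate password checks over SASL and which still hold a local hash in LDAP. The sample entries, realm and function names are constructed, and whether the SASL side actually reaches Kerberos depends on the saslauthd configuration, which an LDIF export does not show.

```python
import base64
import re

def classify(value):
    """Map one userPassword value to (kind, detail)."""
    m = re.match(r"\{([A-Za-z0-9-]+)\}(.*)", value, re.S)
    if not m:
        return ("cleartext", None)              # no {SCHEME} prefix at all
    scheme, rest = m.group(1).upper(), m.group(2)
    if scheme == "SASL":
        return ("sasl-passthrough", rest)       # rest is the user@REALM handed to SASL
    return ("local-hash", scheme)               # verified by slapd itself, not Kerberos

def audit(ldif):
    """Return {dn: [(kind, detail), ...]} for every entry in an LDIF export."""
    report = {}
    unfolded = ldif.replace("\n ", "")          # LDIF continuation lines start with a space
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        dn, found = None, []
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):            # "attr:: value" means base64-encoded
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            if name.lower() == "dn":
                dn = value
            elif name.lower() == "userpassword":
                found.append(classify(value))
        if dn:
            # No userPassword: the entry cannot do a password bind against slapd.
            report[dn] = found or [("no-password", None)]
    return report

# Constructed sample export; the names, realm and hash text are placeholders.
_b64 = lambda s: base64.b64encode(s.encode()).decode()
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=people,dc=example,dc=com",
    "userPassword: {SASL}alice@EXAM",           # folded line, joined by audit()
    " PLE.COM",
    "",
    "dn: uid=bob,ou=people,dc=example,dc=com",
    "userPassword:: " + _b64("{SASL}bob@EXAMPLE.COM"),
    "",
    "dn: uid=carol,ou=people,dc=example,dc=com",
    "userPassword:: " + _b64("{SSHA}constructed-not-a-real-hash"),
    "",
    "dn: uid=dave,ou=people,dc=example,dc=com",
])
```

Calling `audit(SAMPLE_LDIF)` flags carol as the only account whose password is still checked against a hash stored in LDAP; a plain text search for `{SASL}` would have missed bob because his value is base64-encoded.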